Updated imagemagick packages fix security vulnerabilities
Publication date: 14 Jul 2026Modification date: 14 Jul 2026
Type: security
Affected Mageia releases : 10
CVE: CVE-2026-48724 , CVE-2026-48733 , CVE-2026-48734 , CVE-2026-49218 , CVE-2026-49219 , CVE-2026-48994 , CVE-2026-53460 , CVE-2026-53461 , CVE-2026-53462 , CVE-2026-53463 , CVE-2026-53464 , CVE-2026-53465 , CVE-2026-53466 , CVE-2026-53467 , CVE-2026-55510 , CVE-2026-55628 , CVE-2026-55594 , CVE-2026-55595 , CVE-2026-55597 , CVE-2026-25797 , CVE-2026-55577
Description
The updated packages fix numerous security vulnerabilities:
Code injection in HTML encoder due to incomplete fix of CVE-2026-25797.
(CVE-2026-25797)
Heap Buffer Underwrite in Floyd-Steinberg depth dithering.
(CVE-2026-48724)
Infinite Loop in subimage-search with crafted image. (CVE-2026-48733)
Stack Overflow in MVG decoder. (CVE-2026-48734)
Policy Bypass in DCM decoder could result in image with invalid
dimensions. (CVE-2026-49218)
Policy Bypass can read disallowed files. (CVE-2026-49219)
Heap Buffer Over-Write in MAT decoder on 32-bit systems.
(CVE-2026-48994)
Policy Bypass can trigger out-of-Memory condition. (CVE-2026-53460)
Heap Buffer Over-Write in ICON decoder due to incorrect loop.
(CVE-2026-53461)
Use-After-Free when allocation in CheckPrimitiveExtent fails.
(CVE-2026-53462)
Null Pointer Dereference in distort operation when passing incorrect
arguments. (CVE-2026-53463)
Memory Leak in wand option parser when providing invalid arguments.
(CVE-2026-53464)
Heap Buffer Over-Write in SF3 encoder when writing multi-frame image.
(CVE-2026-53465)
Heap Buffer Over-Read in XCF decoder due to integer conversion overflow.
(CVE-2026-53466)
Information Disclosure in MNG decoder because allocated memory is left
unchanged. (CVE-2026-53467)
Use-After-Free in crafted 8BIM when identifying an image.
(CVE-2026-55510)
Heap Buffer Overflow in ImageMagick MVG decoder. (CVE-2026-55577)
Stack Overflow in MVG decoder due to missing depth check.
(CVE-2026-55594)
Infinite Loop in connected-components when providing invalid arguments.
(CVE-2026-55595)
Heap Buffer Over-Write in JP2 encoder when due to incorrect handling of
arguments. (CVE-2026-55597)
Policy Bypass in concatenate operation due to missing checks.
(CVE-2026-55628)
References
- https://bugs.mageia.org/show_bug.cgi?id=35866
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2hhq-c99x-492r
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h36c-3666-h489
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5v62-8fq6-cp9m
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm48-c7f2-v67p
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8pj9-6897-74xc
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xcjm-wqff-m669
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4v89-6mgq-6rgc
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q62c-h75r-2xhc
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g22q-f7gc-5jhr
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-px7q-ggqj-hcf2
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p9rq-q46c-g4x6
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j989-f892-2335
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-44cp-c3ww-9rv5
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pjxj-pchx-4c3m
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h5r4-w88w-7ccr
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h58x-r7f7-rh84
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-m596-67p7-69wh
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r628-69v2-2f9c
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h7f2-f9cc-h2gv
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jfq9-q63x-rc63
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-99w9-hv66-rfv7
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j8rh-v2r8-v94x
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7c7m-fpjw-gwcq
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6vxp-gfwf-hcr9
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hwf3-r46v-5ggx
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8g53-9m3c-69xg
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvxh-prvr-85w2
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6jwg-7q3p-5fqm
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-ff5c-8x9r-8qcw
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vghg-5jrg-2398
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-82mp-vp5c-9pf7
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v3j6-27vc-7pw2
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh5g-q395-cx4j
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-c4v7-w88g-m6c4
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hc76-7mpc-qjqh
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qhmf-7fc4-8q3h
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-56m6-8q75-f2rw
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wx47-rm3x-jx6p
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rvhp-75f6-9jqh
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mx48-2qq3-23hf
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-76q6-2p6h-xjqr
- https://www.cve.org/CVERecord?id=CVE-2026-48724
- https://www.cve.org/CVERecord?id=CVE-2026-48733
- https://www.cve.org/CVERecord?id=CVE-2026-48734
- https://www.cve.org/CVERecord?id=CVE-2026-49218
- https://www.cve.org/CVERecord?id=CVE-2026-49219
- https://www.cve.org/CVERecord?id=CVE-2026-48994
- https://www.cve.org/CVERecord?id=CVE-2026-53460
- https://www.cve.org/CVERecord?id=CVE-2026-53461
- https://www.cve.org/CVERecord?id=CVE-2026-53462
- https://www.cve.org/CVERecord?id=CVE-2026-53463
- https://www.cve.org/CVERecord?id=CVE-2026-53464
- https://www.cve.org/CVERecord?id=CVE-2026-53465
- https://www.cve.org/CVERecord?id=CVE-2026-53466
- https://www.cve.org/CVERecord?id=CVE-2026-53467
- https://www.cve.org/CVERecord?id=CVE-2026-55510
- https://www.cve.org/CVERecord?id=CVE-2026-55628
- https://www.cve.org/CVERecord?id=CVE-2026-55594
- https://www.cve.org/CVERecord?id=CVE-2026-55595
- https://www.cve.org/CVERecord?id=CVE-2026-55597
- https://www.cve.org/CVERecord?id=CVE-2026-25797
- https://www.cve.org/CVERecord?id=CVE-2026-55577
SRPMS
10/core
- imagemagick-7.1.2.27-1.mga10
10/tainted
- imagemagick-7.1.2.27-1.mga10.tainted