{
  "schema_version": "1.7.0",
  "id": "MGASA-2026-0252",
  "published": "2026-07-14T16:40:11Z",
  "modified": "2026-07-14T16:36:16Z",
  "summary": "Updated imagemagick packages fix security vulnerabilities",
  "details": "The updated packages fix numerous security vulnerabilities:\nCode injection in HTML encoder due to incomplete fix of CVE-2026-25797.\n(CVE-2026-25797)\nHeap Buffer Underwrite in Floyd-Steinberg depth dithering.\n(CVE-2026-48724)\nInfinite Loop in subimage-search with crafted image. (CVE-2026-48733)\nStack Overflow in MVG decoder. (CVE-2026-48734)\nPolicy Bypass in DCM decoder could result in image with invalid\ndimensions. (CVE-2026-49218)\nPolicy Bypass can read disallowed files. (CVE-2026-49219)\nHeap Buffer Over-Write in MAT decoder on 32-bit systems.\n(CVE-2026-48994)\nPolicy Bypass can trigger out-of-Memory condition. (CVE-2026-53460)\nHeap Buffer Over-Write in ICON decoder due to incorrect loop.\n(CVE-2026-53461)\nUse-After-Free when allocation in CheckPrimitiveExtent fails.\n(CVE-2026-53462)\nNull Pointer Dereference in distort operation when passing incorrect\narguments. (CVE-2026-53463)\nMemory Leak in wand option parser when providing invalid arguments.\n(CVE-2026-53464)\nHeap Buffer Over-Write in SF3 encoder when writing multi-frame image.\n(CVE-2026-53465)\nHeap Buffer Over-Read in XCF decoder due to integer conversion overflow.\n(CVE-2026-53466)\nInformation Disclosure in MNG decoder because allocated memory is left\nunchanged. (CVE-2026-53467)\nUse-After-Free in crafted 8BIM when identifying an image.\n(CVE-2026-55510)\nHeap Buffer Overflow in ImageMagick MVG decoder. (CVE-2026-55577)\nStack Overflow in MVG decoder due to missing depth check.\n(CVE-2026-55594)\nInfinite Loop in connected-components when providing invalid arguments.\n(CVE-2026-55595)\nHeap Buffer Over-Write in JP2 encoder when due to incorrect handling of\narguments. (CVE-2026-55597)\nPolicy Bypass in concatenate operation due to missing checks.\n(CVE-2026-55628)\n",
  "upstream": [
    "CVE-2026-48724",
    "CVE-2026-48733",
    "CVE-2026-48734",
    "CVE-2026-49218",
    "CVE-2026-49219",
    "CVE-2026-48994",
    "CVE-2026-53460",
    "CVE-2026-53461",
    "CVE-2026-53462",
    "CVE-2026-53463",
    "CVE-2026-53464",
    "CVE-2026-53465",
    "CVE-2026-53466",
    "CVE-2026-53467",
    "CVE-2026-55510",
    "CVE-2026-55628",
    "CVE-2026-55594",
    "CVE-2026-55595",
    "CVE-2026-55597",
    "CVE-2026-25797",
    "CVE-2026-55577"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2026-0252.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=35866"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2hhq-c99x-492r"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h36c-3666-h489"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5v62-8fq6-cp9m"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm48-c7f2-v67p"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8pj9-6897-74xc"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xcjm-wqff-m669"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4v89-6mgq-6rgc"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q62c-h75r-2xhc"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g22q-f7gc-5jhr"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-px7q-ggqj-hcf2"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p9rq-q46c-g4x6"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j989-f892-2335"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-44cp-c3ww-9rv5"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pjxj-pchx-4c3m"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h5r4-w88w-7ccr"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h58x-r7f7-rh84"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-m596-67p7-69wh"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r628-69v2-2f9c"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h7f2-f9cc-h2gv"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jfq9-q63x-rc63"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-99w9-hv66-rfv7"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j8rh-v2r8-v94x"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7c7m-fpjw-gwcq"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6vxp-gfwf-hcr9"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hwf3-r46v-5ggx"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8g53-9m3c-69xg"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvxh-prvr-85w2"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6jwg-7q3p-5fqm"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-ff5c-8x9r-8qcw"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vghg-5jrg-2398"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-82mp-vp5c-9pf7"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v3j6-27vc-7pw2"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh5g-q395-cx4j"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-c4v7-w88g-m6c4"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hc76-7mpc-qjqh"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qhmf-7fc4-8q3h"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-56m6-8q75-f2rw"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wx47-rm3x-jx6p"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rvhp-75f6-9jqh"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mx48-2qq3-23hf"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-76q6-2p6h-xjqr"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:10",
        "name": "imagemagick",
        "purl": "pkg:rpm/mageia/imagemagick?arch=source&distro=mageia-10"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.1.2.27-1.mga10"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:10",
        "name": "imagemagick",
        "purl": "pkg:rpm/mageia/imagemagick?arch=source&distro=mageia-10"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.1.2.27-1.mga10.tainted"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "tainted"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}
