[CLSA-2026:1777394739] ImageMagick: Fix of 2 CVEs
Type:
security
Severity:
Important
Release date:
2026-04-28 16:45:43 UTC
Description:
- CVE-2026-33900: integer truncation/wraparound in the viff encoder that could trigger an out-of-bounds heap write on 32-bit builds (GHSA-v67w-737x-v2c9; upstream b6c01a5a23f1e350ebe2db78c7cc326db2e320c9) - CVE-2026-33905: out-of-bounds read in SampleImage when sample:offset is set via -sample define (GHSA-pcvx-ph33-r5vv; upstream 140fc7b01fa7d870b3bc8453fb7adccfb7c1e202 with follow-up 8d73954bf7e13a352e71a32cf7d18905577f17e8)
Updated packages:
  • ImageMagick-6.9.13.25-1.el8_4.tuxcare.els28.x86_64.rpm
    sha:b02ff491972643e287963821061b8aee643c9b4ba515856d4703f6631714f897
  • ImageMagick-c++-6.9.13.25-1.el8_4.tuxcare.els28.x86_64.rpm
    sha:599fc5a2aaf2d94f9f3124e165de576729c88c3b659dc7f825a4dc692be24481
  • ImageMagick-c++-devel-6.9.13.25-1.el8_4.tuxcare.els28.x86_64.rpm
    sha:b0432e175b7e9a644a268385be9815a3b9ebed0a786f4cd407d3a1c4bedf75d6
  • ImageMagick-devel-6.9.13.25-1.el8_4.tuxcare.els28.x86_64.rpm
    sha:a96514f222a8657900fe744767c8fbc83aeca87e2221c6cf5d74600bc2159e90
  • ImageMagick-djvu-6.9.13.25-1.el8_4.tuxcare.els28.x86_64.rpm
    sha:a622605a17b15f1ff0793c307b795bfc306eb93adec97d7dc960e5ac0c6cc658
  • ImageMagick-doc-6.9.13.25-1.el8_4.tuxcare.els28.x86_64.rpm
    sha:4775be11f2ac70f36034b81250d04ea8ec96d045a0140a2aba543c3a04206dd4
  • ImageMagick-libs-6.9.13.25-1.el8_4.tuxcare.els28.x86_64.rpm
    sha:a5239bcf5c8eb8b1993ea187390bcf0a65b94c29534640f9b981875976140a0c
  • ImageMagick-perl-6.9.13.25-1.el8_4.tuxcare.els28.x86_64.rpm
    sha:9253a06abe11c1401ae818d3fd14065d79a7da9ad0a5bb01afcaa3802e2ff27c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.