MGASA-2026-0252

Source
https://advisories.mageia.org/MGASA-2026-0252.html
Import Source
https://advisories.mageia.org/MGASA-2026-0252.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2026-0252
Upstream
Published
2026-07-14T16:40:11Z
Modified
2026-07-14T16:50:04.417885201Z
Summary
Updated imagemagick packages fix security vulnerabilities
Details

The updated packages fix numerous security vulnerabilities: Code injection in HTML encoder due to incomplete fix of CVE-2026-25797. (CVE-2026-25797) Heap Buffer Underwrite in Floyd-Steinberg depth dithering. (CVE-2026-48724) Infinite Loop in subimage-search with crafted image. (CVE-2026-48733) Stack Overflow in MVG decoder. (CVE-2026-48734) Policy Bypass in DCM decoder could result in image with invalid dimensions. (CVE-2026-49218) Policy Bypass can read disallowed files. (CVE-2026-49219) Heap Buffer Over-Write in MAT decoder on 32-bit systems. (CVE-2026-48994) Policy Bypass can trigger out-of-Memory condition. (CVE-2026-53460) Heap Buffer Over-Write in ICON decoder due to incorrect loop. (CVE-2026-53461) Use-After-Free when allocation in CheckPrimitiveExtent fails. (CVE-2026-53462) Null Pointer Dereference in distort operation when passing incorrect arguments. (CVE-2026-53463) Memory Leak in wand option parser when providing invalid arguments. (CVE-2026-53464) Heap Buffer Over-Write in SF3 encoder when writing multi-frame image. (CVE-2026-53465) Heap Buffer Over-Read in XCF decoder due to integer conversion overflow. (CVE-2026-53466) Information Disclosure in MNG decoder because allocated memory is left unchanged. (CVE-2026-53467) Use-After-Free in crafted 8BIM when identifying an image. (CVE-2026-55510) Heap Buffer Overflow in ImageMagick MVG decoder. (CVE-2026-55577) Stack Overflow in MVG decoder due to missing depth check. (CVE-2026-55594) Infinite Loop in connected-components when providing invalid arguments. (CVE-2026-55595) Heap Buffer Over-Write in JP2 encoder when due to incorrect handling of arguments. (CVE-2026-55597) Policy Bypass in concatenate operation due to missing checks. (CVE-2026-55628)

References
Credits

Affected packages

Mageia:10 / imagemagick

Package

Name
imagemagick
Purl
pkg:rpm/mageia/imagemagick?arch=source&distro=mageia-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.1.2.27-1.mga10

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0252.json"

Mageia:10 / imagemagick

Package

Name
imagemagick
Purl
pkg:rpm/mageia/imagemagick?arch=source&distro=mageia-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.1.2.27-1.mga10.tainted

Ecosystem specific

{
    "section": "tainted"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0252.json"