[CLSA-2026:1781612053] ImageMagick: Fix of 4 CVEs
Type: security
Severity: Important
Release date: 2026-06-16 12:14:31 UTC
Description:
- CVE-2026-49218: add a missing zero-dimension check in the DCM decoder (coders/dcm.c) so an image decoded with zero rows or columns can no longer trigger a denial of service in downstream operations
- CVE-2026-49219: enforce the path security policy across followed symlinks in magick/blob.c so a symlink can no longer bypass a path-domain deny rule and disclose a restricted file
- CVE-2026-53460: honor the system:max-memory-request policy in AcquireAlignedMemory (magick/memory.c) to prevent unbounded memory allocation from an oversized request
- CVE-2026-53463: guard GenerateCoefficients (magick/distort.c) against a missing distort argument to avoid a NULL pointer dereference
Updated packages:
  • ImageMagick-6.9.10.97-1.amzn2.0.29.tuxcare.els2.i686.rpm
    sha:e4af232f693fd94604a9ba5f3ef5c5f38a4745681b849a702e0f893df7281522
  • ImageMagick-6.9.10.97-1.amzn2.0.29.tuxcare.els2.x86_64.rpm
    sha:06c436b32e7debb9a0c10e81c2025da44f0d487deb19e1fd5ccbcd55b2661a0e
  • ImageMagick-c++-6.9.10.97-1.amzn2.0.29.tuxcare.els2.i686.rpm
    sha:548b035e7c1349d9fbfe4129b87f4780fdc10f8089787ebf45f056092b62dee6
  • ImageMagick-c++-6.9.10.97-1.amzn2.0.29.tuxcare.els2.x86_64.rpm
    sha:f4847a740cab25d04e7d3df5c44f878602bc3d478ed78e2ca8e1d909d3f63a16
  • ImageMagick-c++-devel-6.9.10.97-1.amzn2.0.29.tuxcare.els2.x86_64.rpm
    sha:f6993e0022c3bddc795fcb8c70bed3bd57b5fa35cdc030cd483ae8d5674a0313
  • ImageMagick-devel-6.9.10.97-1.amzn2.0.29.tuxcare.els2.x86_64.rpm
    sha:c7d393842fd29e3c46be7786119019e39714faab6a7643977bac35dd41a975e0
  • ImageMagick-doc-6.9.10.97-1.amzn2.0.29.tuxcare.els2.x86_64.rpm
    sha:888add39a85f4796172b87246276da418ae9be6dbca4efa4863734f7ed91e3b7
  • ImageMagick-perl-6.9.10.97-1.amzn2.0.29.tuxcare.els2.x86_64.rpm
    sha:d9548647653e39a339377ce59730eebb81c4818584e9f03b1652b35965b4a2c2
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.