[CLSA-2026:1777394326] ImageMagick: Fix of 2 CVEs
Type:
security
Severity:
Important
Release date:
2026-04-28 16:38:50 UTC
Description:
- CVE-2026-33900: integer truncation/wraparound in the viff encoder that could trigger an out-of-bounds heap write on 32-bit builds (GHSA-v67w-737x-v2c9; upstream b6c01a5a23f1e350ebe2db78c7cc326db2e320c9) - CVE-2026-33905: out-of-bounds read in SampleImage when sample:offset is set via -sample define (GHSA-pcvx-ph33-r5vv; upstream 140fc7b01fa7d870b3bc8453fb7adccfb7c1e202 with follow-up 8d73954bf7e13a352e71a32cf7d18905577f17e8)
Updated packages:
  • ImageMagick-6.9.13.25-1.el8.tuxcare.els28.x86_64.rpm
    sha:3c1118f8a91c27492c18cf1d34237406cbbb8c03b5f3f344b146a3189a42e85f
  • ImageMagick-c++-6.9.13.25-1.el8.tuxcare.els28.x86_64.rpm
    sha:8be68c800ab630f80b7b1ece2522f51e12f529ea5d6fb41584b16a94af084485
  • ImageMagick-c++-devel-6.9.13.25-1.el8.tuxcare.els28.x86_64.rpm
    sha:54fa69abf9c2b357328312d054af92a5f88341ba0513640f6b05318a94ed81d3
  • ImageMagick-devel-6.9.13.25-1.el8.tuxcare.els28.x86_64.rpm
    sha:f08194241746066ac653b9354d8d565ee79868b6a96033b4f42045e6d6394b7b
  • ImageMagick-djvu-6.9.13.25-1.el8.tuxcare.els28.x86_64.rpm
    sha:e2d44885f9ef81c088ce4e2f813eb44afef37f02caab70f485afe1d4f2afcdfd
  • ImageMagick-doc-6.9.13.25-1.el8.tuxcare.els28.x86_64.rpm
    sha:40718d715cb2931ceef0538a3f72b57aa5e3937fb0b25500fbc9dcd28297fa47
  • ImageMagick-libs-6.9.13.25-1.el8.tuxcare.els28.x86_64.rpm
    sha:4145252c12a35b3ac6fddee2ba9581e0e699f85f968d711d158b0a3ab4a604ef
  • ImageMagick-perl-6.9.13.25-1.el8.tuxcare.els28.x86_64.rpm
    sha:90a2b51b2c965c700ca55c7382997099364a8616190216cf9794ff0383f0c2e1
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.