[CLSA-2026:1777395036] ImageMagick: Fix of 2 CVEs
Type:
security
Severity:
Critical
Release date:
2026-04-28 16:50:40 UTC
Description:
- CVE-2026-33900: integer truncation/wraparound in the viff encoder that could trigger an out-of-bounds heap write on 32-bit builds (GHSA-v67w-737x-v2c9; upstream b6c01a5a23f1e350ebe2db78c7cc326db2e320c9) - CVE-2026-33905: out-of-bounds read in SampleImage when sample:offset is set via -sample define (GHSA-pcvx-ph33-r5vv; upstream 140fc7b01fa7d870b3bc8453fb7adccfb7c1e202 with follow-up 8d73954bf7e13a352e71a32cf7d18905577f17e8)
Updated packages:
  • ImageMagick-6.9.13.25-1.el8.tuxcare.els28.x86_64.rpm
    sha:15e54c4b4515efce65fca064ae7d3fd6becc8ad2e88f96ff0e9493f39c976861
  • ImageMagick-c++-6.9.13.25-1.el8.tuxcare.els28.x86_64.rpm
    sha:d6a3762cd89abc37c2d4388f9004959935027ec77540c78eb366784399583856
  • ImageMagick-c++-devel-6.9.13.25-1.el8.tuxcare.els28.x86_64.rpm
    sha:a87e616319a917902cee9897fa6cafbeefefcf6369effc8b08e3024f580f48c6
  • ImageMagick-devel-6.9.13.25-1.el8.tuxcare.els28.x86_64.rpm
    sha:394ff3bd0734a25616446928cb48f6625afecb684a2f1e31f13a16d3ccfae892
  • ImageMagick-djvu-6.9.13.25-1.el8.tuxcare.els28.x86_64.rpm
    sha:f8fee769c50333c6bc76fb2be420a788cbd94685bbe488ab065468c0627b728e
  • ImageMagick-doc-6.9.13.25-1.el8.tuxcare.els28.x86_64.rpm
    sha:33555353d798aad4b08a73cde1d224a757570dded6dff7cc32a46b6ef49507ef
  • ImageMagick-libs-6.9.13.25-1.el8.tuxcare.els28.x86_64.rpm
    sha:c9a2d11974a290d057d10e90d2deb27c019f793478cafe2d3ba7de8ef78cd25d
  • ImageMagick-perl-6.9.13.25-1.el8.tuxcare.els28.x86_64.rpm
    sha:f1d5094c6833d0fefb4b6a9d8d952a40d62706ff480bfc382c7aecd77c1bb070
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.