{"id":"CLSA-2026-1773923672","summary":"ImageMagick: Fix of 11 CVEs","details":"- CVE-2026-25797: fix PostScript/HTML code injection via unsanitized filenames\n- CVE-2026-25982: fix heap out-of-bounds read in DICOM colormap decoder\n- CVE-2026-25968: fix stack buffer overflow in MSL opacity attribute processing\n- CVE-2026-25986: fix heap buffer overflow write in YUV 4:2:2 decoder\n- CVE-2026-25987: fix heap buffer over-read in MAP image decoder\n- CVE-2026-25970: fix signed integer overflow in SIXEL decoder\n- CVE-2026-23952: fix NULL pointer dereference in MSL comment/label handlers\n- CVE-2026-30883: fix heap buffer overflow in PNG profile writer\n- CVE-2026-25988: fix MSL stack index not updated causing memory leak\n- CVE-2026-27798: fix heap buffer over-read in WaveletDenoiseImage\n- CVE-2026-25965: fix path traversal bypassing security policy","modified":"2026-06-01T00:33:27.077887870Z","published":"2026-03-19T15:02:22Z","upstream":["CVE-2026-25797","CVE-2026-25982","CVE-2026-25968","CVE-2026-25986","CVE-2026-25987","CVE-2026-25970","CVE-2026-23952","CVE-2026-30883","CVE-2026-25988","CVE-2026-27798","CVE-2026-25965"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/oraclelinux7els/CLSA-2026-1773923672.html"}],"affected":[{"package":{"name":"ImageMagick","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/ImageMagick?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.9.10.68-7.0.3.el7_9.tuxcare.els6"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1773923672.json"}},{"package":{"name":"ImageMagick-c++","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/ImageMagick-c++?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.9.10.68-7.0.3.el7_9.tuxcare.els6"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1773923672.json"}},{"package":{"name":"ImageMagick-c++-devel","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/ImageMagick-c++-devel?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.9.10.68-7.0.3.el7_9.tuxcare.els6"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1773923672.json"}},{"package":{"name":"ImageMagick-devel","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/ImageMagick-devel?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.9.10.68-7.0.3.el7_9.tuxcare.els6"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1773923672.json"}},{"package":{"name":"ImageMagick-doc","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/ImageMagick-doc?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.9.10.68-7.0.3.el7_9.tuxcare.els6"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1773923672.json"}},{"package":{"name":"ImageMagick-perl","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/ImageMagick-perl?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.9.10.68-7.0.3.el7_9.tuxcare.els6"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1773923672.json"}}],"schema_version":"1.7.5"}