All errata/p11/ALT-PU-2026-8941-1
ALT-PU-2026-8941-1

Package update ImageMagick in branch p11

Version7.1.2.23-alt1
Task#418566
Published2026-06-08
Max severityHIGH
Severity:

Closed issues (32)

CVE-2026-42326
MEDIUM5.1

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

Published: 2026-06-10Modified: 2026-06-11
CVSS 3.xMEDIUM 5.1
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
References
CVE-2026-45031
MEDIUM5.3

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, due to a missing check in the PSD decoder it would be possible to bypass the list-length resource policy when decoding a PSD image. Other security limits would still apply. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

Published: 2026-06-10Modified: 2026-06-11
CVSS 3.xMEDIUM 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References
CVE-2026-45358
MEDIUM5.3

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

Published: 2026-06-10Modified: 2026-06-11
CVSS 3.xMEDIUM 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References
CVE-2026-45359
MEDIUM5.7

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been patched in versions 6.9.13-48 and 7.1.2-22.

Published: 2026-06-10Modified: 2026-06-11
CVSS 3.xMEDIUM 5.7
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
References
CVE-2026-45624
MEDIUM5.1

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying specific arguments. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

Published: 2026-06-10Modified: 2026-06-11
CVSS 3.xMEDIUM 5.1
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
References
CVE-2026-45664
MEDIUM5.3

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

Published: 2026-06-10Modified: 2026-06-11
CVSS 3.xMEDIUM 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References
CVE-2026-46520
HIGH7.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different dimensions an out of bounds heap write can occur. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

Published: 2026-06-10Modified: 2026-06-11
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
CVE-2026-46521
MEDIUM5.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

Published: 2026-06-10Modified: 2026-06-11
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References
CVE-2026-46522
HIGH7.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and 6.9.13-48 fix the issue.

Published: 2026-06-10Modified: 2026-06-11
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
CVE-2026-46557
MEDIUM6.2

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack overflow can occur in the fx operation by passing a crafted argument. This issue has been patched in version 7.1.2-23.

Published: 2026-06-10Modified: 2026-06-11
CVSS 3.xMEDIUM 6.2
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
CVE-2026-46559
MEDIUM4.0

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

Published: 2026-06-10Modified: 2026-06-11
CVSS 3.xMEDIUM 4.0
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References
CVE-2026-46692
MEDIUM4.1

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

Published: 2026-06-10Modified: 2026-06-11
CVSS 3.xMEDIUM 4.1
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
References
CVE-2026-46693
MEDIUM4.1

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

Published: 2026-06-10Modified: 2026-06-11
CVSS 3.xMEDIUM 4.1
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
References
CVE-2026-47165
MEDIUM4.1

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in versions 6.9.13-48 and 7.1.2-23.

Published: 2026-06-10Modified: 2026-06-11
CVSS 3.xMEDIUM 4.1
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
References
CVE-2026-47166
MEDIUM5.7

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

Published: 2026-06-10Modified: 2026-06-11
CVSS 3.xMEDIUM 5.7
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H
References