Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Mageia ImageMagick Critical Code Injection Buffer Overflow Vuln 2026-0252

mageia
Calendar Grey July 14, 2026
Dist Mageia Esm H88
This Mageia advisory details critical updates for ImageMagick, addressing multiple security flaws impacting system integrity and stability.
Security update

Summary

Description: The updated packages fix numerous security vulnerabilities: Code injection in HTML encoder due to incomplete fix of CVE-2026-25797. (CVE-2026-25797) Heap Buffer Underwrite in Floyd-Steinberg depth dithering. (CVE-2026-48724) Infinite Loop in subimage-search with crafted image. (CVE-2026-48733) Stack Overflow in MVG decoder. (CVE-2026-48734) Policy Bypass in DCM decoder could result in image with invalid dimensions. (CVE-2026-49218) Policy Bypass can read disallowed files. (CVE-2026-49219) Heap Buffer Over-Write in MAT decoder on 32-bit systems. (CVE-2026-48994) Policy Bypass can trigger out-of-Memory condition. (CVE-2026-53460) Heap Buffer Over-Write in ICON decoder due to incorrect loop. (CVE-2026-53461) Use-After-Free when allocation in CheckPrimitiveExtent fails. (CVE-2026-53462) Null Pointer Dereference in distort operation when passing incorrect arguments. (CVE-2026-53463) Memory Leak in wand option parser when providing invalid arguments. (CVE-2026-53464) Heap Buf...

References

- https://bugs.mageia.org/show_bug.cgi?id=35866

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2hhq-c99x-492r

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h36c-3666-h489

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5v62-8fq6-cp9m

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm48-c7f2-v67p

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8pj9-6897-74xc

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xcjm-wqff-m669

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4v89-6mgq-6rgc

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q62c-h75r-2xhc

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g22q-f7gc-5jhr

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-px7q-ggqj-hcf2

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p9rq-q46c-g4x6

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j989-f892-2335

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-44cp-c3ww-9rv5

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pjxj-pchx-4c3m

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h5r4-w88w-7ccr

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h58x-r7f7-rh84

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-m596-67p7-69wh

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r628-69v2-2f9c

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h7f2-f9cc-h2gv

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jfq9-q63x-rc63

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-99w9-hv66-rfv7

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j8rh-v2r8-v94x

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7c7m-fpjw-gwcq

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6vxp-gfwf-hcr9

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hwf3-r46v-5ggx

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8g53-9m3c-69xg

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvxh-prvr-85w2

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6jwg-7q3p-5fqm

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-ff5c-8x9r-8qcw

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vghg-5jrg-2398

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-82mp-vp5c-9pf7

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v3j6-27vc-7pw2

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh5g-q395-cx4j

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-c4v7-w88g-m6c4

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hc76-7mpc-qjqh

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qhmf-7fc4-8q3h

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-56m6-8q75-f2rw

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wx47-rm3x-jx6p

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rvhp-75f6-9jqh

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mx48-2qq3-23hf

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-76q6-2p6h-xjqr

- https://www.cve.org/CVERecord?id=CVE-2026-48724

- https://www.cve.org/CVERecord?id=CVE-2026-48733

- https://www.cve.org/CVERecord?id=CVE-2026-48734

- https://www.cve.org/CVERecord?id=CVE-2026-49218

- https://www.cve.org/CVERecord?id=CVE-2026-49219

- https://www.cve.org/CVERecord?id=CVE-2026-48994

- https://www.cve.org/CVERecord?id=CVE-2026-53460

- https://www.cve.org/CVERecord?id=CVE-2026-53461

- https://www.cve.org/CVERecord?id=CVE-2026-53462

- https://www.cve.org/CVERecord?id=CVE-2026-53463

- https://www.cve.org/CVERecord?id=CVE-2026-53464

- https://www.cve.org/CVERecord?id=CVE-2026-53465

- https://www.cve.org/CVERecord?id=CVE-2026-53466

- https://www.cve.org/CVERecord?id=CVE-2026-53467

- https://www.cve.org/CVERecord?id=CVE-2026-55510

- https://www.cve.org/CVERecord?id=CVE-2026-55628

- https://www.cve.org/CVERecord?id=CVE-2026-55594

- https://www.cve.org/CVERecord?id=CVE-2026-55595

- https://www.cve.org/CVERecord?id=CVE-2026-55597

- https://www.cve.org/CVERecord?id=CVE-2026-25797

- https://www.cve.org/CVERecord?id=CVE-2026-55577

Resolution

SRPMS

- 10/core/imagemagick-7.1.2.27-1.mga10

- 10/tainted/imagemagick-7.1.2.27-1.mga10.tainted

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 14 Jul 2026 
URL: https://advisories.mageia.org/MGASA-2026-0252.html
Type: security
CVE: CVE-2026-48724, CVE-2026-48733, CVE-2026-48734, CVE-2026-49218, CVE-2026-49219, CVE-2026-48994, CVE-2026-53460, CVE-2026-53461, CVE-2026-53462, CVE-2026-53463, CVE-2026-53464, CVE-2026-53465, CVE-2026-53466, CVE-2026-53467, CVE-2026-55510, CVE-2026-55628, CVE-2026-55594, CVE-2026-55595, CVE-2026-55597, CVE-2026-25797, CVE-2026-55577

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.