[CLSA-2026:1783416127] ImageMagick: Fix of 2 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-07 09:22:24 UTC
Description:
- CVE-2026-45664: complete AL2's Fix-CVE-2026-45664.patch (upstream 11ac03e5 only) with the follow-up fix 3d57d379 as Fix-CVE-2026-45664_2.patch, a hard MNG_MAX_LOOP_OPS cap on MNG LOOP/ENDL operations; the shipped ListLengthResource-gated guard defaults to unlimited and does not bound the loop-expansion DoS - CVE-2026-46520: complete AL2's Fix-CVE-2026-46520.patch (SetQuantumDepth guard only) with prerequisite upstream 7d1b54445 as Fix-CVE-2026-46520_2.patch, moving DestroyQuantumInfo after the do/while loop so the guard is reachable on multi-frame (adjoin) writes instead of dereferencing a freed pointer
Updated packages:
  • ImageMagick-6.9.10.97-1.amzn2.0.30.tuxcare.els2.i686.rpm
    sha:e2e20e8350a96067b1dda9cd2a42d8d227d2141553435605f65007a1dd5cd8fc
  • ImageMagick-6.9.10.97-1.amzn2.0.30.tuxcare.els2.x86_64.rpm
    sha:eac5f636c4141dc0e613682925cd3c9a45bda57ae85a0cecf2ba49bba651b286
  • ImageMagick-c++-6.9.10.97-1.amzn2.0.30.tuxcare.els2.i686.rpm
    sha:ee94844be633b963e0d83dda0f83f0e83b3974fd51d68c60783a471a265557cc
  • ImageMagick-c++-6.9.10.97-1.amzn2.0.30.tuxcare.els2.x86_64.rpm
    sha:c7b5992f96fb22b49ae4ed37f3bc84129ca6956d1c6092b487161dc51c6b834d
  • ImageMagick-c++-devel-6.9.10.97-1.amzn2.0.30.tuxcare.els2.x86_64.rpm
    sha:2bcf20c76ea71ec333624a11f93c505d49e6c2138d1fbadb7ad7f862d268f118
  • ImageMagick-devel-6.9.10.97-1.amzn2.0.30.tuxcare.els2.x86_64.rpm
    sha:fa3dcb34a526d4399f65df6e064fd9fe2d5755eb76a59eeaecdd8a4511b65186
  • ImageMagick-doc-6.9.10.97-1.amzn2.0.30.tuxcare.els2.x86_64.rpm
    sha:46fb1ee250f6e61d4e92e84f6e90e4a34dd726b1e3a7c9bdf62a6ffe6c57ae99
  • ImageMagick-perl-6.9.10.97-1.amzn2.0.30.tuxcare.els2.x86_64.rpm
    sha:3c67bcd6b2189b02b0a814c8edbcfc3b9b4bad00ba64db66a7eff86fff80d401
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.