[CLSA-2026:1782908853] ImageMagick: Fix of 2 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-01 12:27:49 UTC
Description:
- CVE-2026-33901: out-of-bounds heap write in the MVG decoder (RenderMVGContent) when copying oversized gradient/pattern bodies into the token buffer - CVE-2026-33908: stack exhaustion via uncontrolled recursion in DestroyXMLTree when freeing a deeply nested XML document
Updated packages:
  • ImageMagick-6.9.13.25-1.el8.tuxcare.els34.x86_64.rpm
    sha:e494b9397d0c6ff25bfcd917a0ad35c5028d58cc93e2a40bd5174025432b6555
  • ImageMagick-c++-6.9.13.25-1.el8.tuxcare.els34.x86_64.rpm
    sha:1450772cd6d410f3c2ba4782374680dba5c9b9a335c736185bd0dc1f37356032
  • ImageMagick-c++-devel-6.9.13.25-1.el8.tuxcare.els34.x86_64.rpm
    sha:d209db12c95fe3bc870cacba49d94ae9b74818a811c467f80eaf751258b1b648
  • ImageMagick-devel-6.9.13.25-1.el8.tuxcare.els34.x86_64.rpm
    sha:7e759096e772975bdbc44e3553ddf3d8b914a09de82eca3c31d09a9d06479cf5
  • ImageMagick-djvu-6.9.13.25-1.el8.tuxcare.els34.x86_64.rpm
    sha:2f19ffafb8730d31338dbf8af098a1370bfed77a83bd1ea204af64cf95e3a7b3
  • ImageMagick-doc-6.9.13.25-1.el8.tuxcare.els34.x86_64.rpm
    sha:6ceed7a75a5cd4f40f284e4cf7376c9addb0eb1689b9456177a4dc586a2c83e6
  • ImageMagick-libs-6.9.13.25-1.el8.tuxcare.els34.x86_64.rpm
    sha:495fb329683238c34a0f101de44076ce16646a9b85e48727ed596166ea6cbfff
  • ImageMagick-perl-6.9.13.25-1.el8.tuxcare.els34.x86_64.rpm
    sha:e243b73af91be55fc82cf73952eb61287f253f5734edd59c06b9a3b1ca18c633
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.