[CLSA-2026:1783591738] Fix of 12 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-09 10:09:27 UTC
Description:
* SECURITY UPDATE: out-of-bounds read when writing an IPTC output file (single-byte over-read) - debian/patches/CVE-2026-42326.patch: tighten the IPTC tag-length bound check in GetIPTCStream() in coders/meta.c - CVE-2026-42326 * SECURITY UPDATE: out-of-bounds over-read of 24 bytes during polynomial distortion - debian/patches/CVE-2026-45624.patch: validate the control-point argument count in GenerateCoefficients() in magick/distort.c - CVE-2026-45624 * SECURITY UPDATE: out-of-bounds write in the MIFF encoder when using LZMA compression - debian/patches/CVE-2026-46521.patch: include LZMAMaxExtent in the buffer-length computation and fail on LZMA-encoder errors in WriteMIFFImage() in coders/miff.c - CVE-2026-46521 * SECURITY UPDATE: stack overflow via a crafted MVG file (missing recursion-depth check) - debian/patches/CVE-2026-48734.patch: add a recursion-depth guard on nested MVG class expansion in RenderMVGContent() in magick/draw.c - CVE-2026-48734 * SECURITY UPDATE: heap buffer over-write in the MAT decoder on 32-bit systems (missing return-value check) - debian/patches/CVE-2026-48994.patch: check the quantum-format setters' return values and bail out on failure in ReadMATImageV4() in coders/mat.c - CVE-2026-48994 * SECURITY UPDATE: complete the CVE-2026-45664 MNG LOOP/ENDL loop-cap fix by releasing the chunk buffer before raising the resource-limit exception (heap memory leak on the loop-cap abort path) - debian/patches/CVE-2026-45664-1.patch: free chunk before both ThrowReaderException calls in ReadOneMNGImage() in coders/png.c - CVE-2026-45664
Updated packages:
  • imagemagick_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:78b3c1a1591284da614fdc9dcfe4bb52d6a9a555
  • imagemagick-6-common_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_all.deb
    sha:7817e639297f7a25ea64223a3383ab8fa820c83e
  • imagemagick-6-doc_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_all.deb
    sha:b094891fa089b36909a3f87fbf55eea18512fddf
  • imagemagick-6.q16_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:306977dbf9a4d99adc2a6e78d9a456cb2c09e5b7
  • imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:069274281257095bdbaa108dffeac3c4c394c047
  • imagemagick-common_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_all.deb
    sha:58d9d336e4980462c4a4ab1cffcbce8122c85355
  • imagemagick-doc_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_all.deb
    sha:e81a1f360fa9136d3e7e0ff85235741293ef2606
  • libimage-magick-perl_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_all.deb
    sha:20558151bb76b77ddb8e2bc00ffb53d5e51e7351
  • libimage-magick-q16-perl_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:d19aa26a52013e8577c741add008bc6b83d15e66
  • libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:a12563d8c93345705de595ac19b0ffc322c0e942
  • libmagick++-6-headers_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_all.deb
    sha:5b997a92e90c5ca56933c4b1bc814332cce61fb0
  • libmagick++-6.q16-8_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:7855948e5e07c2efd2b6f60dd6ea631f801e823d
  • libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:61f494848038b61d1aabe5e59f4d1e4b61cfd9f7
  • libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:48c765abdc983eefaedbc01259a657ddf5e9d480
  • libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:ef0063e2901666d082189adfde29a9b132a5e553
  • libmagick++-dev_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_all.deb
    sha:d465f3a13e85670e85bbe3e5d188cd628c9c321f
  • libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:06af25f37a68499add4de6a663a4229bc71d8782
  • libmagickcore-6-headers_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_all.deb
    sha:6c2b43cacc830ad9fd4a0985f2c4b4e5d4cee2fd
  • libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:49cf8cda04b2b5c960c156ac3a28dd8be0977110
  • libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:2ff7a79e1c4cefb3b5a7482b7ba5029f7615509a
  • libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:43aaa3c884c45ba9562e39da9d75c3d548d19b37
  • libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:95a7cb57cde28f1fc8a43627cd1d3b4763aab820
  • libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:4536253616a4953c23a5c02734204156cc183947
  • libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:d9442af0e116069fbfcda2f7a64efb7b4c58d7fa
  • libmagickcore-dev_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_all.deb
    sha:983033db97135f811faafb3f9a03a35b32b229bf
  • libmagickwand-6-headers_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_all.deb
    sha:7273f022516326cfbfcc2c42414a5479e42c19f9
  • libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:6d26d07c7664356a214ca659295ff6280c9455ad
  • libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:9f8e8f4decbe82fd911186a57d1b55e70e63f415
  • libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:6d11ff287aa142cc9cb666960e3f70e0902086cd
  • libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_amd64.deb
    sha:f4ff3bbccd6def802addef31e24a8148086eb2f7
  • libmagickwand-dev_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_all.deb
    sha:f4f57fc82eb4dcdb136a80f6ae23bcbc092cf173
  • perlmagick_6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els11_all.deb
    sha:8c94ca10ad5de35ef1e1addc02b0d1a7b86c3fa7
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.