{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"ImageMagick security update", "category":"general", "title":"Synopsis" }, { "text":"An update for ImageMagick is now available for openEuler-24.03-LTS-SP3", "category":"general", "title":"Summary" }, { "text":"Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\n\nSecurity Fix(es):\n\nImageMagick contains a heap buffer overflow vulnerability when parsing XML. An attacker can exploit this vulnerability to write a single zero byte to a heap buffer, potentially leading to memory corruption or remote code execution.(CVE-2026-33899)\n\nThe VIFF encoder in ImageMagick contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write that can result in a crash.(CVE-2026-33900)\n\nImageMagick is an open-source image processing software. A heap buffer overflow vulnerability exists in the MVG (Magick Vector Graphics) decoder of ImageMagick. Attackers can trigger this vulnerability through specially crafted MVG image files, which may lead to arbitrary code execution.(CVE-2026-33901)\n\nImageMagick is vulnerable to stack overflow when processing recursive FX expressions. An attacker can cause stack overflow through specially crafted FX expressions, potentially leading to denial of service or arbitrary code execution.(CVE-2026-33902)\n\nImageMagick has an out-of-bounds read vulnerability in the sample operation. Attackers can exploit this vulnerability to read memory data beyond allocated boundaries, which may lead to information disclosure or application crashes.(CVE-2026-33905)\n\nThe DestroyXMLTree function in ImageMagick contains an uncontrolled recursion vulnerability (CWE-674). An attacker can trigger a stack overflow via specially crafted XML files, potentially leading to denial of service or arbitrary code execution. This vulnerability affects all versions prior to ImageMagick 7.1.2-19 and all versions prior to 6.9.13-44.(CVE-2026-33908)\n\nImageMagick has a heap buffer overflow vulnerability in the YAML and JSON encoders, which could allow attackers to execute arbitrary code or cause application crashes.(CVE-2026-40169)\n\nImageMagick has a heap buffer overflow vulnerability when encoding JXL images with 16-bit floating-point data. An attacker can exploit this vulnerability by crafting a malicious JXL image file, triggering buffer overflow that may lead to arbitrary code execution or application crash.(CVE-2026-40183)\n\nA heap out-of-bounds write vulnerability exists in the JP2 encoder of ImageMagick. Attackers could exploit this vulnerability by crafting malicious JP2 image files, leading to heap memory corruption that could potentially execute arbitrary code or cause application crashes.(CVE-2026-40310)\n\nA heap-use-after-free vulnerability exists in ImageMagick when processing XMP profile data. This vulnerability could be exploited by an attacker to cause a crash or potentially execute arbitrary code when printing values from the XMP profile.(CVE-2026-40311)\n\nImageMagick is an open-source image processing software. A vulnerability exists in the MSL (Magick Scripting Language) decoder where an off-by-one error occurs. An attacker can craft a malicious MSL file that leads to out-of-bounds write, potentially causing application crash or arbitrary code execution.(CVE-2026-40312)", "category":"general", "title":"Description" }, { "text":"An update for ImageMagick is now available for openEuler-24.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"ImageMagick", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1919", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1919" }, { "summary":"CVE-2026-33899", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-33899&packageName=ImageMagick" }, { "summary":"CVE-2026-33900", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-33900&packageName=ImageMagick" }, { "summary":"CVE-2026-33901", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-33901&packageName=ImageMagick" }, { "summary":"CVE-2026-33902", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-33902&packageName=ImageMagick" }, { "summary":"CVE-2026-33905", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-33905&packageName=ImageMagick" }, { "summary":"CVE-2026-33908", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-33908&packageName=ImageMagick" }, { "summary":"CVE-2026-40169", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-40169&packageName=ImageMagick" }, { "summary":"CVE-2026-40183", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-40183&packageName=ImageMagick" }, { "summary":"CVE-2026-40310", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-40310&packageName=ImageMagick" }, { "summary":"CVE-2026-40311", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-40311&packageName=ImageMagick" }, { "summary":"CVE-2026-40312", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-40312&packageName=ImageMagick" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33899" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33900" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33901" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33902" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33905" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33908" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40169" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40183" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40310" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40311" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40312" }, { "summary":"openEuler-SA-2026-1919 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1919.json" } ], "title":"An update for ImageMagick is now available for openEuler-24.03-LTS-SP3", "tracking":{ "initial_release_date":"2026-04-17T21:04:21+08:00", "revision_history":[ { "date":"2026-04-17T21:04:21+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-04-17T21:04:21+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-04-17T21:04:21+08:00", "id":"openEuler-SA-2026-1919", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openEuler-24.03-LTS-SP3", "name":"openEuler-24.03-LTS-SP3" }, "name":"openEuler-24.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"ImageMagick-help-7.1.2.19-1.oe2403sp3.noarch.rpm", "name":"ImageMagick-help-7.1.2.19-1.oe2403sp3.noarch.rpm" }, "name":"ImageMagick-help-7.1.2.19-1.oe2403sp3.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"ImageMagick-7.1.2.19-1.oe2403sp3.aarch64.rpm", "name":"ImageMagick-7.1.2.19-1.oe2403sp3.aarch64.rpm" }, "name":"ImageMagick-7.1.2.19-1.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"ImageMagick-c++-7.1.2.19-1.oe2403sp3.aarch64.rpm", "name":"ImageMagick-c++-7.1.2.19-1.oe2403sp3.aarch64.rpm" }, "name":"ImageMagick-c++-7.1.2.19-1.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"ImageMagick-c++-devel-7.1.2.19-1.oe2403sp3.aarch64.rpm", "name":"ImageMagick-c++-devel-7.1.2.19-1.oe2403sp3.aarch64.rpm" }, "name":"ImageMagick-c++-devel-7.1.2.19-1.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"ImageMagick-debuginfo-7.1.2.19-1.oe2403sp3.aarch64.rpm", "name":"ImageMagick-debuginfo-7.1.2.19-1.oe2403sp3.aarch64.rpm" }, "name":"ImageMagick-debuginfo-7.1.2.19-1.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"ImageMagick-debugsource-7.1.2.19-1.oe2403sp3.aarch64.rpm", "name":"ImageMagick-debugsource-7.1.2.19-1.oe2403sp3.aarch64.rpm" }, "name":"ImageMagick-debugsource-7.1.2.19-1.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"ImageMagick-devel-7.1.2.19-1.oe2403sp3.aarch64.rpm", "name":"ImageMagick-devel-7.1.2.19-1.oe2403sp3.aarch64.rpm" }, "name":"ImageMagick-devel-7.1.2.19-1.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"ImageMagick-perl-7.1.2.19-1.oe2403sp3.aarch64.rpm", "name":"ImageMagick-perl-7.1.2.19-1.oe2403sp3.aarch64.rpm" }, "name":"ImageMagick-perl-7.1.2.19-1.oe2403sp3.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"ImageMagick-7.1.2.19-1.oe2403sp3.src.rpm", "name":"ImageMagick-7.1.2.19-1.oe2403sp3.src.rpm" }, "name":"ImageMagick-7.1.2.19-1.oe2403sp3.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"ImageMagick-7.1.2.19-1.oe2403sp3.x86_64.rpm", "name":"ImageMagick-7.1.2.19-1.oe2403sp3.x86_64.rpm" }, "name":"ImageMagick-7.1.2.19-1.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"ImageMagick-c++-7.1.2.19-1.oe2403sp3.x86_64.rpm", "name":"ImageMagick-c++-7.1.2.19-1.oe2403sp3.x86_64.rpm" }, "name":"ImageMagick-c++-7.1.2.19-1.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"ImageMagick-c++-devel-7.1.2.19-1.oe2403sp3.x86_64.rpm", "name":"ImageMagick-c++-devel-7.1.2.19-1.oe2403sp3.x86_64.rpm" }, "name":"ImageMagick-c++-devel-7.1.2.19-1.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"ImageMagick-debuginfo-7.1.2.19-1.oe2403sp3.x86_64.rpm", "name":"ImageMagick-debuginfo-7.1.2.19-1.oe2403sp3.x86_64.rpm" }, "name":"ImageMagick-debuginfo-7.1.2.19-1.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"ImageMagick-debugsource-7.1.2.19-1.oe2403sp3.x86_64.rpm", "name":"ImageMagick-debugsource-7.1.2.19-1.oe2403sp3.x86_64.rpm" }, "name":"ImageMagick-debugsource-7.1.2.19-1.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"ImageMagick-devel-7.1.2.19-1.oe2403sp3.x86_64.rpm", "name":"ImageMagick-devel-7.1.2.19-1.oe2403sp3.x86_64.rpm" }, "name":"ImageMagick-devel-7.1.2.19-1.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"ImageMagick-perl-7.1.2.19-1.oe2403sp3.x86_64.rpm", "name":"ImageMagick-perl-7.1.2.19-1.oe2403sp3.x86_64.rpm" }, "name":"ImageMagick-perl-7.1.2.19-1.oe2403sp3.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"ImageMagick-help-7.1.2.19-1.oe2403sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:ImageMagick-help-7.1.2.19-1.oe2403sp3.noarch", "name":"ImageMagick-help-7.1.2.19-1.oe2403sp3.noarch as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"ImageMagick-7.1.2.19-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:ImageMagick-7.1.2.19-1.oe2403sp3.aarch64", "name":"ImageMagick-7.1.2.19-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"ImageMagick-c++-7.1.2.19-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:ImageMagick-c++-7.1.2.19-1.oe2403sp3.aarch64", "name":"ImageMagick-c++-7.1.2.19-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"ImageMagick-c++-devel-7.1.2.19-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:ImageMagick-c++-devel-7.1.2.19-1.oe2403sp3.aarch64", "name":"ImageMagick-c++-devel-7.1.2.19-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"ImageMagick-debuginfo-7.1.2.19-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:ImageMagick-debuginfo-7.1.2.19-1.oe2403sp3.aarch64", "name":"ImageMagick-debuginfo-7.1.2.19-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"ImageMagick-debugsource-7.1.2.19-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:ImageMagick-debugsource-7.1.2.19-1.oe2403sp3.aarch64", "name":"ImageMagick-debugsource-7.1.2.19-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"ImageMagick-devel-7.1.2.19-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:ImageMagick-devel-7.1.2.19-1.oe2403sp3.aarch64", "name":"ImageMagick-devel-7.1.2.19-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"ImageMagick-perl-7.1.2.19-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:ImageMagick-perl-7.1.2.19-1.oe2403sp3.aarch64", "name":"ImageMagick-perl-7.1.2.19-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"ImageMagick-7.1.2.19-1.oe2403sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:ImageMagick-7.1.2.19-1.oe2403sp3.src", "name":"ImageMagick-7.1.2.19-1.oe2403sp3.src as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"ImageMagick-7.1.2.19-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:ImageMagick-7.1.2.19-1.oe2403sp3.x86_64", "name":"ImageMagick-7.1.2.19-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"ImageMagick-c++-7.1.2.19-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:ImageMagick-c++-7.1.2.19-1.oe2403sp3.x86_64", "name":"ImageMagick-c++-7.1.2.19-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"ImageMagick-c++-devel-7.1.2.19-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:ImageMagick-c++-devel-7.1.2.19-1.oe2403sp3.x86_64", "name":"ImageMagick-c++-devel-7.1.2.19-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"ImageMagick-debuginfo-7.1.2.19-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:ImageMagick-debuginfo-7.1.2.19-1.oe2403sp3.x86_64", "name":"ImageMagick-debuginfo-7.1.2.19-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"ImageMagick-debugsource-7.1.2.19-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:ImageMagick-debugsource-7.1.2.19-1.oe2403sp3.x86_64", "name":"ImageMagick-debugsource-7.1.2.19-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"ImageMagick-devel-7.1.2.19-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:ImageMagick-devel-7.1.2.19-1.oe2403sp3.x86_64", "name":"ImageMagick-devel-7.1.2.19-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"ImageMagick-perl-7.1.2.19-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:ImageMagick-perl-7.1.2.19-1.oe2403sp3.x86_64", "name":"ImageMagick-perl-7.1.2.19-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-33899", "notes":[ { "text":"ImageMagick contains a heap buffer overflow vulnerability when parsing XML. An attacker can exploit this vulnerability to write a single zero byte to a heap buffer, potentially leading to memory corruption or remote code execution.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:ImageMagick-help-7.1.2.19-1.oe2403sp3.noarch", "openEuler-24.03-LTS-SP3:ImageMagick-7.1.2.19-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:ImageMagick-c++-7.1.2.19-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:ImageMagick-c++-devel-7.1.2.19-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:ImageMagick-debuginfo-7.1.2.19-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:ImageMagick-debugsource-7.1.2.19-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:ImageMagick-devel-7.1.2.19-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:ImageMagick-perl-7.1.2.19-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:ImageMagick-7.1.2.19-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:ImageMagick-7.1.2.19-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:ImageMagick-c++-7.1.2.19-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:ImageMagick-c++-devel-7.1.2.19-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:ImageMagick-debuginfo-7.1.2.19-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:ImageMagick-debugsource-7.1.2.19-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:ImageMagick-devel-7.1.2.19-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:ImageMagick-perl-7.1.2.19-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1919" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-33899" }, { "cve":"CVE-2026-33900", "notes":[ { "text":"The VIFF encoder in ImageMagick contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write that can result in a crash.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1919" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.9, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-33900" }, { "cve":"CVE-2026-33901", "notes":[ { "text":"ImageMagick is an open-source image processing software. A heap buffer overflow vulnerability exists in the MVG (Magick Vector Graphics) decoder of ImageMagick. Attackers can trigger this vulnerability through specially crafted MVG image files, which may lead to arbitrary code execution.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1919" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-33901" }, { "cve":"CVE-2026-33902", "notes":[ { "text":"ImageMagick is vulnerable to stack overflow when processing recursive FX expressions. An attacker can cause stack overflow through specially crafted FX expressions, potentially leading to denial of service or arbitrary code execution.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1919" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-33902" }, { "cve":"CVE-2026-33905", "notes":[ { "text":"ImageMagick has an out-of-bounds read vulnerability in the sample operation. Attackers can exploit this vulnerability to read memory data beyond allocated boundaries, which may lead to information disclosure or application crashes.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1919" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-33905" }, { "cve":"CVE-2026-33908", "notes":[ { "text":"The DestroyXMLTree function in ImageMagick contains an uncontrolled recursion vulnerability (CWE-674). An attacker can trigger a stack overflow via specially crafted XML files, potentially leading to denial of service or arbitrary code execution. This vulnerability affects all versions prior to ImageMagick 7.1.2-19 and all versions prior to 6.9.13-44.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1919" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-33908" }, { "cve":"CVE-2026-40169", "notes":[ { "text":"ImageMagick has a heap buffer overflow vulnerability in the YAML and JSON encoders, which could allow attackers to execute arbitrary code or cause application crashes.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1919" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.2, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-40169" }, { "cve":"CVE-2026-40183", "notes":[ { "text":"ImageMagick has a heap buffer overflow vulnerability when encoding JXL images with 16-bit floating-point data. An attacker can exploit this vulnerability by crafting a malicious JXL image file, triggering buffer overflow that may lead to arbitrary code execution or application crash.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1919" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-40183" }, { "cve":"CVE-2026-40310", "notes":[ { "text":"A heap out-of-bounds write vulnerability exists in the JP2 encoder of ImageMagick. Attackers could exploit this vulnerability by crafting malicious JP2 image files, leading to heap memory corruption that could potentially execute arbitrary code or cause application crashes.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1919" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-40310" }, { "cve":"CVE-2026-40311", "notes":[ { "text":"A heap-use-after-free vulnerability exists in ImageMagick when processing XMP profile data. This vulnerability could be exploited by an attacker to cause a crash or potentially execute arbitrary code when printing values from the XMP profile.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1919" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-40311" }, { "cve":"CVE-2026-40312", "notes":[ { "text":"ImageMagick is an open-source image processing software. A vulnerability exists in the MSL (Magick Scripting Language) decoder where an off-by-one error occurs. An attacker can craft a malicious MSL file that leads to out-of-bounds write, potentially causing application crash or arbitrary code execution.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1919" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.2, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-40312" } ] }