Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2026-2050: When parsing an HDR image file, the function [rgbe_read_new_rle gegl/libs/rgbe/rgbe.c] contains HEAP Based Buffer Overflow vulnerability that can lead to remote code execution.
CVE-2026-2049:
The rgbe_read_new_rle function in gegl/libs/rgbe/rgbe.c has a heap buffer overflow vulnerability during HDR image parsing that may allow remote code execution.
0.2.0-19.amzn2.1.20.2.0-19.amzn2.1.20.2.0-19.amzn2.1.2