openEuler-SA-2026-2388

Synopsis:

ImageMagick security updateSummary:

An update for ImageMagick is now available for openEuler-22.03-LTS-SP4Description:

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.

Security Fix(es):

(CVE-2026-42326)

(CVE-2026-45031)

(CVE-2026-45358)

(CVE-2026-45359)

(CVE-2026-45624)

(CVE-2026-45664)

(CVE-2026-46520)

(CVE-2026-46521)

(CVE-2026-46522)

(CVE-2026-46523)

(CVE-2026-46557)

(CVE-2026-46559)

(CVE-2026-46692)

(CVE-2026-46693)

ImageMagick versions prior to 7.1.2-23 and 6.9.13-48 do not implement a challenge-response authentication model for the distributed pixel cache server. Originally designed to operate without authentication, a local attacker with high privileges may exploit this flaw to access sensitive pixel data in the distributed pixel cache, resulting in information disclosure.(CVE-2026-47165)

An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This vulnerability affects ImageMagick versions prior to 7.1.2-23 and 6.9.13-48, and could lead to information disclosure or denial of service.(CVE-2026-47166)Topic:

An update for ImageMagick is now available for openEuler-22.03-LTS-SP4.

openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Severity:

HighAffected Component:

ImageMagick