CLSA-2026-1774010344

SECURITY UPDATE: stack buffer overflow in msl.c (attribute handling), path traversal bypass of security policy, XSS in HTML coder output, and MSL attribute overflow
- debian/patches/CVE-2026-25797CVE-2026-25965CVE-2026-25968_CVE-2026-25982.patch: Fix memory leaks, stack overflows, integer overflows and out‑of‑bounds reads; add bounds checks, validate DCM entry sizes, sanitize PostScript filenames, canonicalize paths and free resources; escape user-controlled strings written as raw HTML in the HTML coder; cause was unsafe header and filename parsing, incorrect assumptions about byte counts, path resolution, unnormalized path matching allowing policy bypass, and unescaped HTML output enabling cross-site scripting.
- CVE-2026-25797
- CVE-2026-25965
- CVE-2026-25968
- CVE-2026-25982
SECURITY UPDATE: null pointer dereference in msl.c (repage/roll handlers)
- debian/patches/CVE-2026-25983.patch: move image null‑checks before accessing image attributes in the repage and roll MSL tag handlers; cause was dereferencing the image pointer for page geometry and dimensions before verifying the image was defined.
- CVE-2026-25983
SECURITY UPDATE: infinite recursion via crafted MSL/SVG/MVG files
- debian/patches/CVE-2026-25971.patch: add global Splay tree guards in MSL and SVG coders to detect and reject recursive image references; block dangerous protocols (ftp, http, mvg, vid) in DrawPrimitive; cause was unbounded recursion through nested image reads.
- CVE-2026-25971
SECURITY UPDATE: null pointer dereference in msl.c (comment/label handlers)
- debian/patches/CVE-2026-23952.patch: add image null-checks before accessing image properties in the comment and label MSL end-element handlers; cause was dereferencing the image pointer for DeleteImageProperty before verifying the image was defined.
- CVE-2026-23952
SECURITY UPDATE: MSLPushImage return value not captured
- debian/patches/CVE-2026-25988.patch: change MSLPushImage to return the new image index and capture the return value in the MSL image tag handler; cause was the local index variable not being updated after pushing a new image onto the stack.
- CVE-2026-25988

References

https://errata.tuxcare.com/els_os/ubuntu16.04els/CLSA-2026-1774010344.html

Affected packages

TuxCare:Ubuntu:16.04

imagemagick

Package

Name: imagemagick
Purl: pkg:deb/tuxcare/imagemagick?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

imagemagick-6.q16

Package

Name: imagemagick-6.q16
Purl: pkg:deb/tuxcare/imagemagick-6.q16?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

imagemagick-common

Package

Name: imagemagick-common
Purl: pkg:deb/tuxcare/imagemagick-common?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

imagemagick-doc

Package

Name: imagemagick-doc
Purl: pkg:deb/tuxcare/imagemagick-doc?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

libimage-magick-perl

Package

Name: libimage-magick-perl
Purl: pkg:deb/tuxcare/libimage-magick-perl?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

libimage-magick-q16-perl

Package

Name: libimage-magick-q16-perl
Purl: pkg:deb/tuxcare/libimage-magick-q16-perl?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

libmagick++-6-headers

Package

Name: libmagick++-6-headers
Purl: pkg:deb/tuxcare/libmagick++-6-headers?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

libmagick++-6.q16-5v5

Package

Name: libmagick++-6.q16-5v5
Purl: pkg:deb/tuxcare/libmagick++-6.q16-5v5?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

libmagick++-6.q16-dev

Package

Name: libmagick++-6.q16-dev
Purl: pkg:deb/tuxcare/libmagick++-6.q16-dev?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

libmagick++-dev

Package

Name: libmagick++-dev
Purl: pkg:deb/tuxcare/libmagick++-dev?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

libmagickcore-6-arch-config

Package

Name: libmagickcore-6-arch-config
Purl: pkg:deb/tuxcare/libmagickcore-6-arch-config?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

libmagickcore-6-headers

Package

Name: libmagickcore-6-headers
Purl: pkg:deb/tuxcare/libmagickcore-6-headers?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

libmagickcore-6.q16-2

Package

Name: libmagickcore-6.q16-2
Purl: pkg:deb/tuxcare/libmagickcore-6.q16-2?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

libmagickcore-6.q16-2-extra

Package

Name: libmagickcore-6.q16-2-extra
Purl: pkg:deb/tuxcare/libmagickcore-6.q16-2-extra?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

libmagickcore-6.q16-dev

Package

Name: libmagickcore-6.q16-dev
Purl: pkg:deb/tuxcare/libmagickcore-6.q16-dev?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

libmagickcore-dev

Package

Name: libmagickcore-dev
Purl: pkg:deb/tuxcare/libmagickcore-dev?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

libmagickwand-6-headers

Package

Name: libmagickwand-6-headers
Purl: pkg:deb/tuxcare/libmagickwand-6-headers?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

libmagickwand-6.q16-2

Package

Name: libmagickwand-6.q16-2
Purl: pkg:deb/tuxcare/libmagickwand-6.q16-2?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

libmagickwand-6.q16-dev

Package

Name: libmagickwand-6.q16-dev
Purl: pkg:deb/tuxcare/libmagickwand-6.q16-dev?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

libmagickwand-dev

Package

Name: libmagickwand-dev
Purl: pkg:deb/tuxcare/libmagickwand-dev?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"

perlmagick

Package

Name: perlmagick
Purl: pkg:deb/tuxcare/perlmagick?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.8.9.9-7ubuntu5.17+tuxcare.els39

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1774010344.json"