The updated packages fix numerous security vulnerabilities: Code injection in HTML encoder due to incomplete fix of CVE-2026-25797. (CVE-2026-25797) Heap Buffer Underwrite in Floyd-Steinberg depth dithering. (CVE-2026-48724) Infinite Loop in subimage-search with crafted image. (CVE-2026-48733) Stack Overflow in MVG decoder. (CVE-2026-48734) Policy Bypass in DCM decoder could result in image with invalid dimensions. (CVE-2026-49218) Policy Bypass can read disallowed files. (CVE-2026-49219) Heap Buffer Over-Write in MAT decoder on 32-bit systems. (CVE-2026-48994) Policy Bypass can trigger out-of-Memory condition. (CVE-2026-53460) Heap Buffer Over-Write in ICON decoder due to incorrect loop. (CVE-2026-53461) Use-After-Free when allocation in CheckPrimitiveExtent fails. (CVE-2026-53462) Null Pointer Dereference in distort operation when passing incorrect arguments. (CVE-2026-53463) Memory Leak in wand option parser when providing invalid arguments. (CVE-2026-53464) Heap Buffer Over-Write in SF3 encoder when writing multi-frame image. (CVE-2026-53465) Heap Buffer Over-Read in XCF decoder due to integer conversion overflow. (CVE-2026-53466) Information Disclosure in MNG decoder because allocated memory is left unchanged. (CVE-2026-53467) Use-After-Free in crafted 8BIM when identifying an image. (CVE-2026-55510) Heap Buffer Overflow in ImageMagick MVG decoder. (CVE-2026-55577) Stack Overflow in MVG decoder due to missing depth check. (CVE-2026-55594) Infinite Loop in connected-components when providing invalid arguments. (CVE-2026-55595) Heap Buffer Over-Write in JP2 encoder when due to incorrect handling of arguments. (CVE-2026-55597) Policy Bypass in concatenate operation due to missing checks. (CVE-2026-55628)