OESA-2026-1037

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1037
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-1037.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-1037
Upstream
Published
2026-01-09T14:06:40Z
Modified
2026-01-09T14:30:06.493721Z
Summary
ImageMagick security update
Details

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.

Security Fix(es):

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.(CVE-2025-68618)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file will be affected. Version 7.1.2-12 fixes the issue.(CVE-2025-68950)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue.(CVE-2025-69204)

Database specific 
{
    "severity": "Medium"
}
References

Affected packages

openEuler:24.03-LTS-SP1 / ImageMagick

Package

Name
ImageMagick
Purl
pkg:rpm/openEuler/ImageMagick&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.1.2.12-1.oe2403sp1

Ecosystem specific 

{
    "x86_64": [
        "ImageMagick-7.1.2.12-1.oe2403sp1.x86_64.rpm",
        "ImageMagick-c++-7.1.2.12-1.oe2403sp1.x86_64.rpm",
        "ImageMagick-c++-devel-7.1.2.12-1.oe2403sp1.x86_64.rpm",
        "ImageMagick-debuginfo-7.1.2.12-1.oe2403sp1.x86_64.rpm",
        "ImageMagick-debugsource-7.1.2.12-1.oe2403sp1.x86_64.rpm",
        "ImageMagick-devel-7.1.2.12-1.oe2403sp1.x86_64.rpm",
        "ImageMagick-perl-7.1.2.12-1.oe2403sp1.x86_64.rpm"
    ],
    "src": [
        "ImageMagick-7.1.2.12-1.oe2403sp1.src.rpm"
    ],
    "noarch": [
        "ImageMagick-help-7.1.2.12-1.oe2403sp1.noarch.rpm"
    ],
    "aarch64": [
        "ImageMagick-7.1.2.12-1.oe2403sp1.aarch64.rpm",
        "ImageMagick-c++-7.1.2.12-1.oe2403sp1.aarch64.rpm",
        "ImageMagick-c++-devel-7.1.2.12-1.oe2403sp1.aarch64.rpm",
        "ImageMagick-debuginfo-7.1.2.12-1.oe2403sp1.aarch64.rpm",
        "ImageMagick-debugsource-7.1.2.12-1.oe2403sp1.aarch64.rpm",
        "ImageMagick-devel-7.1.2.12-1.oe2403sp1.aarch64.rpm",
        "ImageMagick-perl-7.1.2.12-1.oe2403sp1.aarch64.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2026-1037.json"