OESA-2026-1038

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1038
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-1038.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-1038
Upstream
Published
2026-01-09T14:06:43Z
Modified
2026-01-09T14:30:05.845640Z
Summary
ImageMagick security update
Details

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.

Security Fix(es):

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.(CVE-2025-68618)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file will be affected. Version 7.1.2-12 fixes the issue.(CVE-2025-68950)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue.(CVE-2025-69204)

Database specific 
{
    "severity": "Medium"
}
References

Affected packages

openEuler:24.03-LTS-SP2 / ImageMagick

Package

Name
ImageMagick
Purl
pkg:rpm/openEuler/ImageMagick&distro=openEuler-24.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.1.2.12-1.oe2403sp2

Ecosystem specific 

{
    "x86_64": [
        "ImageMagick-7.1.2.12-1.oe2403sp2.x86_64.rpm",
        "ImageMagick-c++-7.1.2.12-1.oe2403sp2.x86_64.rpm",
        "ImageMagick-c++-devel-7.1.2.12-1.oe2403sp2.x86_64.rpm",
        "ImageMagick-debuginfo-7.1.2.12-1.oe2403sp2.x86_64.rpm",
        "ImageMagick-debugsource-7.1.2.12-1.oe2403sp2.x86_64.rpm",
        "ImageMagick-devel-7.1.2.12-1.oe2403sp2.x86_64.rpm",
        "ImageMagick-perl-7.1.2.12-1.oe2403sp2.x86_64.rpm"
    ],
    "src": [
        "ImageMagick-7.1.2.12-1.oe2403sp2.src.rpm"
    ],
    "noarch": [
        "ImageMagick-help-7.1.2.12-1.oe2403sp2.noarch.rpm"
    ],
    "aarch64": [
        "ImageMagick-7.1.2.12-1.oe2403sp2.aarch64.rpm",
        "ImageMagick-c++-7.1.2.12-1.oe2403sp2.aarch64.rpm",
        "ImageMagick-c++-devel-7.1.2.12-1.oe2403sp2.aarch64.rpm",
        "ImageMagick-debuginfo-7.1.2.12-1.oe2403sp2.aarch64.rpm",
        "ImageMagick-debugsource-7.1.2.12-1.oe2403sp2.aarch64.rpm",
        "ImageMagick-devel-7.1.2.12-1.oe2403sp2.aarch64.rpm",
        "ImageMagick-perl-7.1.2.12-1.oe2403sp2.aarch64.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2026-1038.json"