OESA-2026-2387
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2387
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2026-2387.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2026-2387
- Upstream
- Published
- 2026-05-22T13:17:40Z
- Modified
- 2026-05-22T13:30:19.689120490Z
- Summary
- ImageMagick security update
- Details
-
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.
Security Fix(es):
(CVE-2026-42326)
(CVE-2026-45031)
(CVE-2026-45358)
(CVE-2026-45624)
(CVE-2026-45664)
(CVE-2026-46520)
(CVE-2026-46521)
(CVE-2026-46522)
(CVE-2026-46523)
(CVE-2026-46557)
(CVE-2026-46559)
(CVE-2026-46692)
(CVE-2026-46693)
ImageMagick versions prior to 7.1.2-23 and 6.9.13-48 do not implement a challenge-response authentication model for the distributed pixel cache server. Originally designed to operate without authentication, a local attacker with high privileges may exploit this flaw to access sensitive pixel data in the distributed pixel cache, resulting in information disclosure.(CVE-2026-47165)
An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This vulnerability affects ImageMagick versions prior to 7.1.2-23 and 6.9.13-48, and could lead to information disclosure or denial of service.(CVE-2026-47166)
- Database specific
{ "severity": "High" }- References
-
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2387
- https://nvd.nist.gov/vuln/detail/CVE-2026-42326
- https://nvd.nist.gov/vuln/detail/CVE-2026-45031
- https://nvd.nist.gov/vuln/detail/CVE-2026-45358
- https://nvd.nist.gov/vuln/detail/CVE-2026-45624
- https://nvd.nist.gov/vuln/detail/CVE-2026-45664
- https://nvd.nist.gov/vuln/detail/CVE-2026-46520
- https://nvd.nist.gov/vuln/detail/CVE-2026-46521
- https://nvd.nist.gov/vuln/detail/CVE-2026-46522
- https://nvd.nist.gov/vuln/detail/CVE-2026-46523
- https://nvd.nist.gov/vuln/detail/CVE-2026-46557
- https://nvd.nist.gov/vuln/detail/CVE-2026-46559
- https://nvd.nist.gov/vuln/detail/CVE-2026-46692
- https://nvd.nist.gov/vuln/detail/CVE-2026-46693
- https://nvd.nist.gov/vuln/detail/CVE-2026-47165
- https://nvd.nist.gov/vuln/detail/CVE-2026-47166
Affected packages
openEuler:20.03-LTS-SP4 / ImageMagick
Package
- Name
- ImageMagick
- Purl
- pkg:rpm/openEuler/ImageMagick&distro=openEuler-20.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.9.13.48-1.oe2003sp4
Ecosystem specific
{
"src": [
"ImageMagick-6.9.13.48-1.oe2003sp4.src.rpm"
],
"x86_64": [
"ImageMagick-6.9.13.48-1.oe2003sp4.x86_64.rpm",
"ImageMagick-c++-6.9.13.48-1.oe2003sp4.x86_64.rpm",
"ImageMagick-c++-devel-6.9.13.48-1.oe2003sp4.x86_64.rpm",
"ImageMagick-debuginfo-6.9.13.48-1.oe2003sp4.x86_64.rpm",
"ImageMagick-debugsource-6.9.13.48-1.oe2003sp4.x86_64.rpm",
"ImageMagick-devel-6.9.13.48-1.oe2003sp4.x86_64.rpm",
"ImageMagick-perl-6.9.13.48-1.oe2003sp4.x86_64.rpm"
],
"aarch64": [
"ImageMagick-6.9.13.48-1.oe2003sp4.aarch64.rpm",
"ImageMagick-c++-6.9.13.48-1.oe2003sp4.aarch64.rpm",
"ImageMagick-c++-devel-6.9.13.48-1.oe2003sp4.aarch64.rpm",
"ImageMagick-debuginfo-6.9.13.48-1.oe2003sp4.aarch64.rpm",
"ImageMagick-debugsource-6.9.13.48-1.oe2003sp4.aarch64.rpm",
"ImageMagick-devel-6.9.13.48-1.oe2003sp4.aarch64.rpm",
"ImageMagick-perl-6.9.13.48-1.oe2003sp4.aarch64.rpm"
],
"noarch": [
"ImageMagick-help-6.9.13.48-1.oe2003sp4.noarch.rpm"
]
}