OESA-2026-2643

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2643

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2026-2643.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2026-2643

Upstream

CVE-2026-53460

CVE-2026-53461

CVE-2026-53462

CVE-2026-53463

Published

2026-06-12T12:25:45Z

Modified

2026-06-12T12:45:10.757457980Z

Summary

ImageMagick security update

Details

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.

Security Fix(es):

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-Memory condition. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.(CVE-2026-53460)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in the ICON decoder can result in an out of bounds heap write resulting in a crash. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.(CVE-2026-53461)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when an allocation fails in CheckPrimitiveExtent this can result in a heap-use-after-free and result in a crash. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.(CVE-2026-53462)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when passing incorrect arguments in the distort operation a null pointer deference will occur. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.(CVE-2026-53463)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP4 / ImageMagick

Package

Name: ImageMagick
Purl: pkg:rpm/openEuler/ImageMagick&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.9.13.50-1.oe2003sp4

Ecosystem specific

{
    "src": [
        "ImageMagick-6.9.13.50-1.oe2003sp4.src.rpm"
    ],
    "x86_64": [
        "ImageMagick-6.9.13.50-1.oe2003sp4.x86_64.rpm",
        "ImageMagick-c++-6.9.13.50-1.oe2003sp4.x86_64.rpm",
        "ImageMagick-c++-devel-6.9.13.50-1.oe2003sp4.x86_64.rpm",
        "ImageMagick-debuginfo-6.9.13.50-1.oe2003sp4.x86_64.rpm",
        "ImageMagick-debugsource-6.9.13.50-1.oe2003sp4.x86_64.rpm",
        "ImageMagick-devel-6.9.13.50-1.oe2003sp4.x86_64.rpm",
        "ImageMagick-perl-6.9.13.50-1.oe2003sp4.x86_64.rpm"
    ],
    "aarch64": [
        "ImageMagick-6.9.13.50-1.oe2003sp4.aarch64.rpm",
        "ImageMagick-c++-6.9.13.50-1.oe2003sp4.aarch64.rpm",
        "ImageMagick-c++-devel-6.9.13.50-1.oe2003sp4.aarch64.rpm",
        "ImageMagick-debuginfo-6.9.13.50-1.oe2003sp4.aarch64.rpm",
        "ImageMagick-debugsource-6.9.13.50-1.oe2003sp4.aarch64.rpm",
        "ImageMagick-devel-6.9.13.50-1.oe2003sp4.aarch64.rpm",
        "ImageMagick-perl-6.9.13.50-1.oe2003sp4.aarch64.rpm"
    ],
    "noarch": [
        "ImageMagick-help-6.9.13.50-1.oe2003sp4.noarch.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2026-2643.json"