{"id":"MGASA-2026-0117","summary":"Updated graphicsmagick packages fix security vulnerabilities","details":"ImageMagick has a heap overflow in the pcd decoder that leads to an out\nof bounds read. (CVE-2026-26284)\nImageMagick has an Out-of-Bounds write of a zero byte in its X11 display\ninteraction. (CVE-2026-33535)\n","modified":"2026-05-07T05:15:06.597940Z","published":"2026-05-07T05:06:13Z","upstream":["CVE-2026-26284","CVE-2026-33535"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2026-0117.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=35408"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/BMSWBU7XGK6MZYTE62GVV7BFJIH6PSZU/"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/NPVKK6XVDNZQVOOYGCEQVGQHUWYX64EY/"}],"affected":[{"package":{"name":"graphicsmagick","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/graphicsmagick?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.40-1.5.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0117.json"}},{"package":{"name":"graphicsmagick","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/graphicsmagick?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.40-1.5.mga9.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0117.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}