{"id":"OESA-2026-1917","summary":"ImageMagick security update","details":"Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\n\nImageMagick contains a heap buffer overflow vulnerability when parsing XML. An attacker can exploit this vulnerability to write a single zero byte to a heap buffer, potentially leading to memory corruption or remote code execution.(CVE-2026-33899)\n\nThe VIFF encoder in ImageMagick contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write that can result in a crash.(CVE-2026-33900)\n\nImageMagick is an open-source image processing software. A heap buffer overflow vulnerability exists in the MVG (Magick Vector Graphics) decoder of ImageMagick. Attackers can trigger this vulnerability through specially crafted MVG image files, which may lead to arbitrary code execution.(CVE-2026-33901)\n\nImageMagick is vulnerable to stack overflow when processing recursive FX expressions. An attacker can cause stack overflow through specially crafted FX expressions, potentially leading to denial of service or arbitrary code execution.(CVE-2026-33902)\n\nImageMagick has an out-of-bounds read vulnerability in the sample operation. Attackers can exploit this vulnerability to read memory data beyond allocated boundaries, which may lead to information disclosure or application crashes.(CVE-2026-33905)\n\nThe DestroyXMLTree function in ImageMagick contains an uncontrolled recursion vulnerability (CWE-674). An attacker can trigger a stack overflow via specially crafted XML files, potentially leading to denial of service or arbitrary code execution. This vulnerability affects all versions prior to ImageMagick 7.1.2-19 and all versions prior to 6.9.13-44.(CVE-2026-33908)\n\nImageMagick has a heap buffer overflow vulnerability in the YAML and JSON encoders, which could allow attackers to execute arbitrary code or cause application crashes.(CVE-2026-40169)\n\nImageMagick has a heap buffer overflow vulnerability when encoding JXL images with 16-bit floating-point data. An attacker can exploit this vulnerability by crafting a malicious JXL image file, triggering buffer overflow that may lead to arbitrary code execution or application crash.(CVE-2026-40183)\n\nA heap out-of-bounds write vulnerability exists in the JP2 encoder of ImageMagick. Attackers could exploit this vulnerability by crafting malicious JP2 image files, leading to heap memory corruption that could potentially execute arbitrary code or cause application crashes.(CVE-2026-40310)\n\nA heap-use-after-free vulnerability exists in ImageMagick when processing XMP profile data. This vulnerability could be exploited by an attacker to cause a crash or potentially execute arbitrary code when printing values from the XMP profile.(CVE-2026-40311)\n\nImageMagick is an open-source image processing software. A vulnerability exists in the MSL (Magick Scripting Language) decoder where an off-by-one error occurs. An attacker can craft a malicious MSL file that leads to out-of-bounds write, potentially causing application crash or arbitrary code execution.(CVE-2026-40312)","modified":"2026-04-17T13:19:54.346823Z","published":"2026-04-17T12:59:53Z","upstream":["CVE-2026-33899","CVE-2026-33900","CVE-2026-33901","CVE-2026-33902","CVE-2026-33905","CVE-2026-33908","CVE-2026-40169","CVE-2026-40183","CVE-2026-40310","CVE-2026-40311","CVE-2026-40312"],"database_specific":{"severity":"High"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1917"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33899"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33900"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33901"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33902"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33905"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33908"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40169"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40183"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40310"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40311"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40312"}],"affected":[{"package":{"name":"ImageMagick","ecosystem":"openEuler:24.03-LTS-SP1","purl":"pkg:rpm/openEuler/ImageMagick&distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.1.2.19-1.oe2403sp1"}]}],"ecosystem_specific":{"x86_64":["ImageMagick-7.1.2.19-1.oe2403sp1.x86_64.rpm","ImageMagick-c++-7.1.2.19-1.oe2403sp1.x86_64.rpm","ImageMagick-c++-devel-7.1.2.19-1.oe2403sp1.x86_64.rpm","ImageMagick-debuginfo-7.1.2.19-1.oe2403sp1.x86_64.rpm","ImageMagick-debugsource-7.1.2.19-1.oe2403sp1.x86_64.rpm","ImageMagick-devel-7.1.2.19-1.oe2403sp1.x86_64.rpm","ImageMagick-perl-7.1.2.19-1.oe2403sp1.x86_64.rpm"],"noarch":["ImageMagick-help-7.1.2.19-1.oe2403sp1.noarch.rpm"],"aarch64":["ImageMagick-7.1.2.19-1.oe2403sp1.aarch64.rpm","ImageMagick-c++-7.1.2.19-1.oe2403sp1.aarch64.rpm","ImageMagick-c++-devel-7.1.2.19-1.oe2403sp1.aarch64.rpm","ImageMagick-debuginfo-7.1.2.19-1.oe2403sp1.aarch64.rpm","ImageMagick-debugsource-7.1.2.19-1.oe2403sp1.aarch64.rpm","ImageMagick-devel-7.1.2.19-1.oe2403sp1.aarch64.rpm","ImageMagick-perl-7.1.2.19-1.oe2403sp1.aarch64.rpm"],"src":["ImageMagick-7.1.2.19-1.oe2403sp1.src.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2026-1917.json"}}],"schema_version":"1.7.5"}