Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3346 (ALAS-2026-3346)

08 Jun 2026 00:00:00 | Reported by Tenable | Type: nessus | www.tenable.com

ImageMagick on Amazon Linux 2 before 6.9.10.97-1 has multiple vulnerabilities per ALAS2-2026-3346.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2026-3346.
##

include('compat.inc');

if (description)
{
  script_id(319815);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/08");

  script_cve_id(
    "CVE-2026-42326",
    "CVE-2026-45031",
    "CVE-2026-45358",
    "CVE-2026-45359",
    "CVE-2026-45624",
    "CVE-2026-45664",
    "CVE-2026-46520",
    "CVE-2026-46521",
    "CVE-2026-46522",
    "CVE-2026-46523",
    "CVE-2026-46559",
    "CVE-2026-46692",
    "CVE-2026-46693",
    "CVE-2026-47165",
    "CVE-2026-47166"
  );

  script_name(english:"Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3346 (ALAS-2026-3346)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS2-2026-3346 advisory.

    When writing an IPTC output file a malicious input file could cause an out of bounds read of a single
    byte. (as per: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7wff-wpr6-vmhm)
    (CVE-2026-42326)

    Due to a missing check in the PSD decoder it would be possible to bypass the list-length resource policy
    when decoding a PSD image. Other security limits would still apply. (as per:
    https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cwpj-h54c-xjpx) (CVE-2026-45031)

    An off-by-one in the meta encoder could result in an out of bounds read of a single byte in the meta
    encoder. (as per: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr6r-hmj8-pr7r)
    (CVE-2026-45358)

    An invalid connected-components:keep-top value could result in a heap buffer over-read when performing the
    connected components operation (CVE-2026-45359)

    When performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying
    specific arguments. (CVE-2026-45624)

    Because of a missing check in the MNG coder it would be possible to read more images than the list limit
    policy would allow resulting in excessive resource use. (CVE-2026-45664)

    When reading multiple images with different dimensions an out of bounds heap write can occur. (as per:
    https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-36wm-hprc-mcf5) (CVE-2026-46520)

    When using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check.
    (as per: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jcqp-6r6f-3mfx)
    (CVE-2026-46521)

    Due to a missing check in the MIFF decoder a crafted file could cause an infinite loop resulting in CPU
    exhaustion. (CVE-2026-46522)

    A crafted MSL image can trigger a heap-use-after-free. (as per:
    https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5r4x-w6p5-222q) (CVE-2026-46523)

    An incorrect check in the JP2 will result in a heap buffer over-write of a single byte when specifying
    certain options. (as per:
    https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-533m-3wf6-c33v) (CVE-2026-46559)

    An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in
    the server process. (as per:
    https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p93h-f2jc-477j) (CVE-2026-46692)

    An attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the
    server process when a race condition is met. (as per:
    https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4g75-9r48-jf92) (CVE-2026-46693)

    The distributed pixel cache was originally designed to operate without a challenge-response authentication
    model. However, given today's heightened security expectations, we have changed our implementation.
    (CVE-2026-47165)

    An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the
    server process (as per:
    https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6gxq-f64p-5w6f) (CVE-2026-47166)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com//AL2/ALAS2-2026-3346.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-42326.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-45031.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-45358.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-45359.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-45624.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-45664.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46520.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46521.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46522.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46523.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46559.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46692.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46693.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-47165.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-47166.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update ImageMagick' or
  'yum update --advisory ALAS2-2026-3346' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:M/C:C/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-47166");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/05/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ImageMagick");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ImageMagick-c++");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ImageMagick-c++-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ImageMagick-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ImageMagick-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ImageMagick-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ImageMagick-perl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'ImageMagick-6.9.10.97-1.amzn2.0.29', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-6.9.10.97-1.amzn2.0.29', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-6.9.10.97-1.amzn2.0.29', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-c++-6.9.10.97-1.amzn2.0.29', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-c++-6.9.10.97-1.amzn2.0.29', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-c++-6.9.10.97-1.amzn2.0.29', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-c++-devel-6.9.10.97-1.amzn2.0.29', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-c++-devel-6.9.10.97-1.amzn2.0.29', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-c++-devel-6.9.10.97-1.amzn2.0.29', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-debuginfo-6.9.10.97-1.amzn2.0.29', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-debuginfo-6.9.10.97-1.amzn2.0.29', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-debuginfo-6.9.10.97-1.amzn2.0.29', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-devel-6.9.10.97-1.amzn2.0.29', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-devel-6.9.10.97-1.amzn2.0.29', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-devel-6.9.10.97-1.amzn2.0.29', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-doc-6.9.10.97-1.amzn2.0.29', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-doc-6.9.10.97-1.amzn2.0.29', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-doc-6.9.10.97-1.amzn2.0.29', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-perl-6.9.10.97-1.amzn2.0.29', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-perl-6.9.10.97-1.amzn2.0.29', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ImageMagick-perl-6.9.10.97-1.amzn2.0.29', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  var cves = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick / ImageMagick-c++ / ImageMagick-c++-devel / etc");
}
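
The plugin above flags a host purely by comparing installed package versions against 6.9.10.97-1.amzn2.0.29 with RPM-style ordering (rpm_spec_vers_cmp). The following is an added example, not Tenable's code, showing that comparison in Python for a defender who wants to triage a package inventory offline. Assumptions: the input is pipe-separated output of rpm -qa with a custom query format, epoch is ignored (the plugin passes none), tilde and caret ordering is not handled, and the function names are hypothetical.

```python
import re

# Fixed build taken from the plugin's pkgs table; anything older is flagged.
FIXED_VERSION, FIXED_RELEASE = "6.9.10.97", "1.amzn2.0.29"
PACKAGES = {"ImageMagick", "ImageMagick-c++", "ImageMagick-c++-devel",
            "ImageMagick-debuginfo", "ImageMagick-devel", "ImageMagick-doc",
            "ImageMagick-perl"}

def rpmvercmp(a, b):
    """Segment-wise compare in the style of RPM's rpmvercmp (no tilde/caret)."""
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            nx, ny = int(x), int(y)          # numeric, so 10 > 9 and 29 > 3
            if nx != ny:
                return -1 if nx < ny else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        elif x != y:
            return -1 if x < y else 1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def outdated(rpm_lines):
    """Return (name, version-release) for listed packages below the fixed build."""
    hits = []
    for line in rpm_lines:
        name, version, release, _arch = line.strip().split("|")
        if name not in PACKAGES:
            continue
        # Version decides first; release only breaks a version tie.
        order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        if order < 0:
            hits.append((name, f"{version}-{release}"))
    return hits

# Constructed sample inventory, in the format produced by:
#   rpm -qa --qf '%{NAME}|%{VERSION}|%{RELEASE}|%{ARCH}\n'
SAMPLE = [
    "ImageMagick|6.9.10.97|1.amzn2.0.29|x86_64",        # already at the fixed build
    "ImageMagick-devel|6.9.10.97|1.amzn2.0.28|x86_64",  # older release
    "ImageMagick-perl|6.9.10.68|9.amzn2.0.3|aarch64",   # older version
    "bash|4.2.46|34.amzn2|x86_64",                      # not covered by the plugin
]

if __name__ == "__main__":
    for name, evr in outdated(SAMPLE):
        print(f"{name} {evr} is older than {FIXED_VERSION}-{FIXED_RELEASE}")
```

Like the plugin, this relies only on the reported package version and does not test for the issues themselves.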
