OESA-2026-1502 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

[SECURITY] Fedora 42 Update: libsixel-1.10.5-5.fc42

An encoder/decoder implementation for DEC SIXEL graphics...

[SECURITY] Fedora 43 Update: libsixel-1.10.5-5.fc43

An encoder/decoder implementation for DEC SIXEL graphics...

Amazon Linux 2023 : firefox (ALAS2023-2026-1469)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1469 advisory. A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area...

NewStart CGSL MAIN 6.06 (SP) : python3 Multiple Vulnerabilities (NS-SA-2026-0032)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has python3 packages installed that are affected by multiple vulnerabilities: - Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path whi...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3190 (ALAS-2026-3190)

The version of thunderbird installed on the remote host is prior to 140.7.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3190 advisory. A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : ImageMagick vulnerabilities (USN-8069-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8069-1 advisory. It was discovered that ImageMagick did not properly decode certain SUN image files. An attack...

Amazon Linux 2023 : jxl-pixbuf-loader, libjxl, libjxl-devel (ALAS2023-2026-1459)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1459 advisory. A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area...

netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

A flaw was found in Netty. With specially crafted input, BrotliDecoder and some other decompressing decoders will allocate a large number of reachable byte buffers, which can lead to denial of service...

USN-8069-1: ImageMagick vulnerabilities

It was discovered that ImageMagick did not properly decode certain SUN image files. An attacker could use this issue to cause ImageMagick to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2026-25897 It was discovered that ImageMagick did not properly validate pix...

USN-8069-1 imagemagick vulnerabilities

It was discovered that ImageMagick did not properly decode certain SUN image files. An attacker could use this issue to cause ImageMagick to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2026-25897 It was discovered that ImageMagick did not properly validate pix...

Linux Distros Unpatched Vulnerability : CVE-2026-1725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have under certain conditions, allowed an unauthenticated...

FreeBSD : Gitlab -- vulnerabilities (102a03c9-1316-11f1-93ca-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 102a03c9-1316-11f1-93ca-2cf05da270f3 advisory. Gitlab reports: Cross-site Scripting issue in Mermaid sandbox impacts GitLab CE/EE Denial of...

PUB-A-337803567

In mfcdecdqbuf of mfcdecv4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-8792

MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity...

Linux Distros Unpatched Vulnerability : CVE-2026-25970

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overfl...

Improper Encoding or Escaping of Output

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

Improper Encoding or Escaping of Output

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

ImageMagick: SVG-to-MVG Command Injection via coders/svg.c

An attacker can inject arbitrary MVG Magick Vector Graphics drawing commands in an SVG file that is read by the internal SVG decoder of ImageMagick. The injected MVG commands execute during rendering...

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the internal SVG decoder process. An attacker can execute arbitrary MVG drawing commands by crafting a malicious SVG file that is processed by the application. Remediation A fix was pushed int...