TencentOS Server 2: ImageMagick (TSSA-2026:0251)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0251 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

CLSA-2026-1775121601 ImageMagick: Fix of 7 CVEs

CVE-2026-28494: fix stack buffer overflow in morphology kernel parsing - CVE-2026-28691: fix uninitialized pointer dereference in JBIG decoder - CVE-2026-25989: fix off-by-one boundary check in CastDoubleToLong - CVE-2026-25985: fix memory allocation without limits in SVG decoder -...

CLSA-2026-1774997937 ImageMagick: Fix of 7 CVEs

CVE-2026-28494: fix stack buffer overflow in morphology kernel parsing - CVE-2026-28691: fix uninitialized pointer dereference in JBIG decoder - CVE-2026-25989: fix off-by-one boundary check in CastDouble functions - CVE-2026-25985: fix memory allocation without limits in SVG decoder -...

ImageMagick: ImageMagick vulnerable to denial of service via integer overflow in BMP decoder on 32-bit systems

A vulnerability for an integer overflow has been identified in the ImageMagick image processing software suite on 32-bit systems with non-default resource limits. An attacker can exploit this flaw by providing a specially crafted malicious image file BMP format for processing. Successful...

OESA-2025-2588 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

GHSA-9PP9-CFWX-54RM ImageMagick has Integer Overflow in BMP Decoder (ReadBMP)

Summary CVE-2025-57803 claims to be patched in ImageMagick 7.1.2-2, but the fix is incomplete and ineffective. The latest version 7.1.2-5 remains vulnerable to the same integer overflow attack. The patch added BMPOverflowCheck but placed it after the overflow occurs, making it useless. A maliciou...

[SECURITY] [DLA 4339-1] imagemagick security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4339-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès October 19, 2025 https://wiki.debian.org/LTS -...

Debian dla-4339 : imagemagick - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4339 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4339-1 [email protected]...

CVE-2025-62171 ImageMagick vulnerable to denial of service via integer overflow in BMP decoder on 32-bit systems

ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating...

Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities

Background Mozilla is a popular web browser that includes a mail and newsreader. Epiphany is a web browser that uses Gecko, the Mozilla rendering engine. Mozilla Firefox and Mozilla Thunderbird are respectively the next-generation browser and mail client from the Mozilla project. Description...