Search for packages
| purl | pkg:rpm/redhat/ImageMagick@6.9.10.68-10?arch=el7_9 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-jtkv-nvan-jbag
Aliases: CVE-2025-62171 GHSA-9pp9-cfwx-54rm |
ImageMagick has Integer Overflow in BMP Decoder (ReadBMP) CVE-2025-57803 claims to be patched in ImageMagick 7.1.2-2, but **the fix is incomplete and ineffective**. The latest version **7.1.2-5 remains vulnerable** to the same integer overflow attack. The patch added `BMPOverflowCheck()` but placed it **after** the overflow occurs, making it useless. A malicious 58-byte BMP file can trigger AddressSanitizer crashes and DoS. **Affected Versions:** - ImageMagick < 7.1.2-2 (originally reported) - **ImageMagick 7.1.2-2 through 7.1.2-5 (incomplete patch)** **Platform and Configuration Requirements:** - 32-bit systems ONLY (i386, i686, armv7l, etc.) - Requires `size_t = 4 bytes`. (64-bit systems are **NOT vulnerable** (size_t = 8 bytes)) - Requires modified resource limits: The default `width`, `height`, and `area` limits must have been manually increased (Systems using default ImageMagick resource limits are **NOT vulnerable**). --- | There are no reported fixed by versions. |
|
VCID-nvp5-dpj6-byda
Aliases: CVE-2026-23876 |
ImageMagick: ImageMagick: Arbitrary code execution via a crafted XBM image file | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:35:48.816832+00:00 | RedHat Importer | Affected by | VCID-jtkv-nvan-jbag | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62171.json | 38.0.0 |
| 2026-04-01T13:32:29.674974+00:00 | RedHat Importer | Affected by | VCID-nvp5-dpj6-byda | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23876.json | 38.0.0 |