{"schema_version":"1.7.2","id":"OESA-2026-2387","modified":"2026-05-22T13:17:40Z","published":"2026-05-22T13:17:40Z","upstream":["CVE-2026-42326","CVE-2026-45031","CVE-2026-45358","CVE-2026-45624","CVE-2026-45664","CVE-2026-46520","CVE-2026-46521","CVE-2026-46522","CVE-2026-46523","CVE-2026-46557","CVE-2026-46559","CVE-2026-46692","CVE-2026-46693","CVE-2026-47165","CVE-2026-47166"],"summary":"ImageMagick security update","details":"Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\n\n(CVE-2026-42326)\n\n(CVE-2026-45031)\n\n(CVE-2026-45358)\n\n(CVE-2026-45624)\n\n(CVE-2026-45664)\n\n(CVE-2026-46520)\n\n(CVE-2026-46521)\n\n(CVE-2026-46522)\n\n(CVE-2026-46523)\n\n(CVE-2026-46557)\n\n(CVE-2026-46559)\n\n(CVE-2026-46692)\n\n(CVE-2026-46693)\n\nImageMagick versions prior to 7.1.2-23 and 6.9.13-48 do not implement a challenge-response authentication model for the distributed pixel cache server. Originally designed to operate without authentication, a local attacker with high privileges may exploit this flaw to access sensitive pixel data in the distributed pixel cache, resulting in information disclosure.(CVE-2026-47165)\n\nAn attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This vulnerability affects ImageMagick versions prior to 7.1.2-23 and 6.9.13-48, and could lead to information disclosure or denial of service.(CVE-2026-47166)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"ImageMagick","purl":"pkg:rpm/openEuler/ImageMagick&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.9.13.48-1.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["ImageMagick-6.9.13.48-1.oe2003sp4.aarch64.rpm","ImageMagick-c++-6.9.13.48-1.oe2003sp4.aarch64.rpm","ImageMagick-c++-devel-6.9.13.48-1.oe2003sp4.aarch64.rpm","ImageMagick-debuginfo-6.9.13.48-1.oe2003sp4.aarch64.rpm","ImageMagick-debugsource-6.9.13.48-1.oe2003sp4.aarch64.rpm","ImageMagick-devel-6.9.13.48-1.oe2003sp4.aarch64.rpm","ImageMagick-perl-6.9.13.48-1.oe2003sp4.aarch64.rpm"],"noarch":["ImageMagick-help-6.9.13.48-1.oe2003sp4.noarch.rpm"],"src":["ImageMagick-6.9.13.48-1.oe2003sp4.src.rpm"],"x86_64":["ImageMagick-6.9.13.48-1.oe2003sp4.x86_64.rpm","ImageMagick-c++-6.9.13.48-1.oe2003sp4.x86_64.rpm","ImageMagick-c++-devel-6.9.13.48-1.oe2003sp4.x86_64.rpm","ImageMagick-debuginfo-6.9.13.48-1.oe2003sp4.x86_64.rpm","ImageMagick-debugsource-6.9.13.48-1.oe2003sp4.x86_64.rpm","ImageMagick-devel-6.9.13.48-1.oe2003sp4.x86_64.rpm","ImageMagick-perl-6.9.13.48-1.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2387"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42326"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45031"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45358"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45624"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45664"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46520"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46521"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46522"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46523"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46557"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46559"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46692"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46693"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-47165"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-47166"}],"database_specific":{"severity":"High"}}