Red Hat Security Advisory: ImageMagick security update
Multiple vulnerabilities have been identified in ImageMagick, an image display and manipulation tool, affecting Red Hat Enterprise Linux 7 Extended Lifecycle Support. These include several denial of service issues caused by out-of-bounds writes, crafted image files, resource policy bypasses, heap-use-after-free, heap buffer over-writes, and missing memory checks. Additionally, an arbitrary code execution vulnerability via SVG decoder command injection is present. Red Hat has issued a security advisory with updates addressing these issues.
AI Analysis
Technical Summary
This advisory covers nine security vulnerabilities in ImageMagick, including denial of service (DoS) flaws such as out-of-bounds writes (CVE-2026-46520), crafted MIFF file processing (CVE-2026-46522), excessive resource use in MNG coder (CVE-2026-45664), resource policy bypass in PSD decoder (CVE-2026-45031), heap-use-after-free via crafted MSL image (CVE-2026-46523), heap buffer over-write via service connection (CVE-2026-46692), missing memory request check (CVE-2026-53460), and crafted DCM image with invalid dimensions (CVE-2026-49218). Critically, an arbitrary code execution vulnerability exists via SVG decoder command injection (CVE-2026-56379). These vulnerabilities affect ImageMagick packages in Red Hat Enterprise Linux 7 Extended Lifecycle Support. The advisory references fixes available via updated packages and provides links for remediation.
Potential Impact
The vulnerabilities collectively allow attackers to cause denial of service conditions through various malformed image inputs, potentially crashing or destabilizing the ImageMagick service. The most severe issue enables arbitrary code execution via the SVG decoder, which could allow an attacker to execute code remotely with the privileges of the ImageMagick process. These issues pose significant risks to systems processing untrusted image files.
Mitigation Recommendations
Red Hat has released security updates for ImageMagick in Red Hat Enterprise Linux 7 Extended Lifecycle Support that address all listed vulnerabilities. Users should apply these official patches promptly. For detailed update instructions, refer to the Red Hat advisory at https://access.redhat.com/articles/11258. No additional mitigations are indicated beyond applying the vendor-provided updates.
Red Hat Security Advisory: ImageMagick security update
Description
Multiple vulnerabilities have been identified in ImageMagick, an image display and manipulation tool, affecting Red Hat Enterprise Linux 7 Extended Lifecycle Support. These include several denial of service issues caused by out-of-bounds writes, crafted image files, resource policy bypasses, heap-use-after-free, heap buffer over-writes, and missing memory checks. Additionally, an arbitrary code execution vulnerability via SVG decoder command injection is present. Red Hat has issued a security advisory with updates addressing these issues.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers nine security vulnerabilities in ImageMagick, including denial of service (DoS) flaws such as out-of-bounds writes (CVE-2026-46520), crafted MIFF file processing (CVE-2026-46522), excessive resource use in MNG coder (CVE-2026-45664), resource policy bypass in PSD decoder (CVE-2026-45031), heap-use-after-free via crafted MSL image (CVE-2026-46523), heap buffer over-write via service connection (CVE-2026-46692), missing memory request check (CVE-2026-53460), and crafted DCM image with invalid dimensions (CVE-2026-49218). Critically, an arbitrary code execution vulnerability exists via SVG decoder command injection (CVE-2026-56379). These vulnerabilities affect ImageMagick packages in Red Hat Enterprise Linux 7 Extended Lifecycle Support. The advisory references fixes available via updated packages and provides links for remediation.
Potential Impact
The vulnerabilities collectively allow attackers to cause denial of service conditions through various malformed image inputs, potentially crashing or destabilizing the ImageMagick service. The most severe issue enables arbitrary code execution via the SVG decoder, which could allow an attacker to execute code remotely with the privileges of the ImageMagick process. These issues pose significant risks to systems processing untrusted image files.
Mitigation Recommendations
Red Hat has released security updates for ImageMagick in Red Hat Enterprise Linux 7 Extended Lifecycle Support that address all listed vulnerabilities. Users should apply these official patches promptly. For detailed update instructions, refer to the Red Hat advisory at https://access.redhat.com/articles/11258. No additional mitigations are indicated beyond applying the vendor-provided updates.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:32961
- Cve Count
- 9
- Additional Cves
- ["CVE-2026-45664","CVE-2026-46520","CVE-2026-46522","CVE-2026-46523","CVE-2026-46692","CVE-2026-49218","CVE-2026-53460","CVE-2026-56379"]
- Cvss Version
- null
Threat ID: 6a42ed5527e9c797199365f0
Added to database: 06/29/2026, 22:10:29 UTC
Last enriched: 06/29/2026, 22:30:55 UTC
Last updated: 06/30/2026, 01:31:12 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.