Bug 2445882 (CVE-2026-30937)
| Summary: | CVE-2026-30937 ImageMagick: ImageMagick: Denial of Service via integer overflow in XWD encoder | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in ImageMagick, a software suite for editing and manipulating digital images. An integer overflow vulnerability exists in the XWD (X Windows) encoder when processing extremely large images. This flaw can lead to an undersized memory allocation, resulting in an out-of-bounds write to the heap. A local attacker could exploit this to cause a denial of service (DoS) or potentially impact data integrity.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2445971, 2445972 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-03-09 22:01:58 UTC
|