An update for ImageMagick is now available for openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2388 Final 1.0 1.0 2026-05-22 Initial 2026-05-22 2026-05-22 openEuler SA Tool V1.0 2026-05-22 ImageMagick security update An update for ImageMagick is now available for openEuler-22.03-LTS-SP4 Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves. Security Fix(es): (CVE-2026-42326) (CVE-2026-45031) (CVE-2026-45358) (CVE-2026-45359) (CVE-2026-45624) (CVE-2026-45664) (CVE-2026-46520) (CVE-2026-46521) (CVE-2026-46522) (CVE-2026-46523) (CVE-2026-46557) (CVE-2026-46559) (CVE-2026-46692) (CVE-2026-46693) ImageMagick versions prior to 7.1.2-23 and 6.9.13-48 do not implement a challenge-response authentication model for the distributed pixel cache server. Originally designed to operate without authentication, a local attacker with high privileges may exploit this flaw to access sensitive pixel data in the distributed pixel cache, resulting in information disclosure.(CVE-2026-47165) An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This vulnerability affects ImageMagick versions prior to 7.1.2-23 and 6.9.13-48, and could lead to information disclosure or denial of service.(CVE-2026-47166) An update for ImageMagick is now available for openEuler-22.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High ImageMagick https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2388 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-42326 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-45031 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-45358 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-45359 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-45624 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-45664 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46520 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46521 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46522 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46523 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46557 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46559 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46692 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-46693 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-47165 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-47166 https://nvd.nist.gov/vuln/detail/CVE-2026-42326 https://nvd.nist.gov/vuln/detail/CVE-2026-45031 https://nvd.nist.gov/vuln/detail/CVE-2026-45358 https://nvd.nist.gov/vuln/detail/CVE-2026-45359 https://nvd.nist.gov/vuln/detail/CVE-2026-45624 https://nvd.nist.gov/vuln/detail/CVE-2026-45664 https://nvd.nist.gov/vuln/detail/CVE-2026-46520 https://nvd.nist.gov/vuln/detail/CVE-2026-46521 https://nvd.nist.gov/vuln/detail/CVE-2026-46522 https://nvd.nist.gov/vuln/detail/CVE-2026-46523 https://nvd.nist.gov/vuln/detail/CVE-2026-46557 https://nvd.nist.gov/vuln/detail/CVE-2026-46559 https://nvd.nist.gov/vuln/detail/CVE-2026-46692 https://nvd.nist.gov/vuln/detail/CVE-2026-46693 https://nvd.nist.gov/vuln/detail/CVE-2026-47165 https://nvd.nist.gov/vuln/detail/CVE-2026-47166 openEuler-22.03-LTS-SP4 ImageMagick-7.1.2.23-1.oe2203sp4.src.rpm ImageMagick-7.1.2.23-1.oe2203sp4.x86_64.rpm ImageMagick-c++-7.1.2.23-1.oe2203sp4.x86_64.rpm ImageMagick-c++-devel-7.1.2.23-1.oe2203sp4.x86_64.rpm ImageMagick-debuginfo-7.1.2.23-1.oe2203sp4.x86_64.rpm ImageMagick-debugsource-7.1.2.23-1.oe2203sp4.x86_64.rpm ImageMagick-devel-7.1.2.23-1.oe2203sp4.x86_64.rpm ImageMagick-perl-7.1.2.23-1.oe2203sp4.x86_64.rpm ImageMagick-help-7.1.2.23-1.oe2203sp4.noarch.rpm ImageMagick-7.1.2.23-1.oe2203sp4.aarch64.rpm ImageMagick-c++-7.1.2.23-1.oe2203sp4.aarch64.rpm ImageMagick-c++-devel-7.1.2.23-1.oe2203sp4.aarch64.rpm ImageMagick-debuginfo-7.1.2.23-1.oe2203sp4.aarch64.rpm ImageMagick-debugsource-7.1.2.23-1.oe2203sp4.aarch64.rpm ImageMagick-devel-7.1.2.23-1.oe2203sp4.aarch64.rpm ImageMagick-perl-7.1.2.23-1.oe2203sp4.aarch64.rpm 2026-05-22 CVE-2026-42326 openEuler-22.03-LTS-SP4 Medium 5.1 AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L ImageMagick security update 2026-05-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2388 2026-05-22 CVE-2026-45031 openEuler-22.03-LTS-SP4 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L ImageMagick security update 2026-05-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2388 2026-05-22 CVE-2026-45358 openEuler-22.03-LTS-SP4 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N ImageMagick security update 2026-05-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2388 2026-05-22 CVE-2026-45359 openEuler-22.03-LTS-SP4 Medium 5.7 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L ImageMagick security update 2026-05-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2388 2026-05-22 CVE-2026-45624 openEuler-22.03-LTS-SP4 Medium 5.1 AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L ImageMagick security update 2026-05-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2388 2026-05-22 CVE-2026-45664 openEuler-22.03-LTS-SP4 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L ImageMagick security update 2026-05-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2388 2026-05-22 CVE-2026-46520 openEuler-22.03-LTS-SP4 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ImageMagick security update 2026-05-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2388 2026-05-22 CVE-2026-46521 openEuler-22.03-LTS-SP4 Medium 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H ImageMagick security update 2026-05-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2388 2026-05-22 CVE-2026-46522 openEuler-22.03-LTS-SP4 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ImageMagick security update 2026-05-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2388 2026-05-22 CVE-2026-46523 openEuler-22.03-LTS-SP4 Medium 6.2 AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ImageMagick security update 2026-05-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2388 2026-05-22 CVE-2026-46557 openEuler-22.03-LTS-SP4 Medium 6.2 AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ImageMagick security update 2026-05-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2388 2026-05-22 CVE-2026-46559 openEuler-22.03-LTS-SP4 Medium 4.0 AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L ImageMagick security update 2026-05-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2388 2026-05-22 CVE-2026-46692 openEuler-22.03-LTS-SP4 Medium 4.1 AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H ImageMagick security update 2026-05-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2388 2026-05-22 CVE-2026-46693 openEuler-22.03-LTS-SP4 Medium 4.1 AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N ImageMagick security update 2026-05-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2388 ImageMagick versions prior to 7.1.2-23 and 6.9.13-48 do not implement a challenge-response authentication model for the distributed pixel cache server. Originally designed to operate without authentication, a local attacker with high privileges may exploit this flaw to access sensitive pixel data in the distributed pixel cache, resulting in information disclosure. 2026-05-22 CVE-2026-47165 openEuler-22.03-LTS-SP4 Medium 4.1 AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N ImageMagick security update 2026-05-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2388 An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This vulnerability affects ImageMagick versions prior to 7.1.2-23 and 6.9.13-48, and could lead to information disclosure or denial of service. 2026-05-22 CVE-2026-47166 openEuler-22.03-LTS-SP4 Medium 5.7 AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H ImageMagick security update 2026-05-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2388