public inbox for buildroot@busybox.net
From: Thomas Perale via buildroot <buildroot@buildroot.org>
To: buildroot@buildroot.org
Subject: [Buildroot] [PATCH] package/imagemagick: security bump to v7.1.2-15
Date: Wed, 25 Feb 2026 09:10:01 +0100
Message-ID: <20260225081001.37745-1-thomas.perale@mind.be>

For more information on the version bump, see:
  - https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
  - https://github.com/ImageMagick/ImageMagick/compare/7.1.2-12...7.1.2-15

Fixes the following vulnerabilities:

- CVE-2026-22770:
    The BilateralBlurImage method will allocate a set of double buffers
    inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the
    last element in the set is not properly initialized. This will
    result in a release of an invalid pointer inside DestroyBilateralTLS
    when the memory allocation fails.

    https://www.cve.org/CVERecord?id=CVE-2026-22770

- CVE-2026-23874:
    Versions prior to 7.1.2-13 have a stack overflow via infinite
    recursion in MSL (Magick Scripting Language) `<write>` command when
    writing to MSL format.

    https://www.cve.org/CVERecord?id=CVE-2026-23874

- CVE-2026-23876:
    Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow
    vulnerability in the XBM image decoder (ReadXBMImage) allows an
    attacker to write controlled data past the allocated heap buffer
    when processing a maliciously crafted image file. Any operation that
    reads or identifies an image can trigger the overflow, making it
    exploitable via common image upload and processing pipelines.

    https://www.cve.org/CVERecord?id=CVE-2026-23876

- CVE-2026-24481:
    Prior to versions 7.1.2-15 and 6.9.13-40, a heap information
    disclosure vulnerability exists in ImageMagick's PSD (Adobe
    Photoshop) format handler. When processing a maliciously crafted PSD
    file containing ZIP-compressed layer data that decompresses to less
    than the expected size, uninitialized heap memory is leaked into the
    output image.

    https://www.cve.org/CVERecord?id=CVE-2026-24481

- CVE-2026-25638:
    Prior to versions 7.1.2-15 and 6.9.13-40, a memory leak exists in
    `coders/msl.c`. In the `WriteMSLImage` function of the `msl.c` file,
    resources are allocated. But the function returns early without
    releasing these allocated resources.

    https://www.cve.org/CVERecord?id=CVE-2026-25638

- CVE-2026-25794:
    `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute
    the pixel buffer size. Prior to version 7.1.2-15, when image
    dimensions are large, the multiplication overflows 32-bit `int`,
    causing an undersized heap allocation followed by an out-of-bounds
    write. This can crash the process or potentially lead to an out of
    bounds heap write.

    https://www.cve.org/CVERecord?id=CVE-2026-25794

- CVE-2026-25795:
    Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()`
    (`coders/sfw.c`), when temporary file creation fails, `read_info` is
    destroyed before its `filename` member is accessed, causing a NULL
    pointer dereference and crash.

    https://www.cve.org/CVERecord?id=CVE-2026-25795

- CVE-2026-25796:
    Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()`
    (`coders/stegano.c`), the `watermark` Image object is not freed on
    three early-return paths, resulting in a definite memory leak
    (~13.5KB+ per invocation) that can be exploited for denial of
    service.

    https://www.cve.org/CVERecord?id=CVE-2026-25796

- CVE-2026-25798:
    Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference
    in ClonePixelCacheRepository allows a remote attacker to crash any
    application linked against ImageMagick by supplying a crafted image
    file, resulting in denial of service.

    https://www.cve.org/CVERecord?id=CVE-2026-25798

- CVE-2026-25799:
    Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV
    sampling factor validation allows an invalid sampling factor to
    bypass checks and trigger a division-by-zero during image loading,
    resulting in a reliable denial-of-service.

    https://www.cve.org/CVERecord?id=CVE-2026-25799

- CVE-2026-25897:
    Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow
    vulnerability exists in the sun decoder. On 32-bit systems/builds, a
    carefully crafted image can lead to an out of bounds heap write.

    https://www.cve.org/CVERecord?id=CVE-2026-25897

- CVE-2026-25989:
    Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can
    cause a denial of service. An off-by-one boundary check (`>` instead
    of `>=`) allows bypassing the guard and reaching an undefined
    `(size_t)` cast.

    https://www.cve.org/CVERecord?id=CVE-2026-25989

- CVE-2026-26066:
    Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile containing
    invalid IPTC data may cause an infinite loop when writing it with
    `IPTCTEXT`.

    https://www.cve.org/CVERecord?id=CVE-2026-26066

- CVE-2026-26283:
    Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in
    the JPEG extent binary search loop in the jpeg encoder causes an
    infinite loop when writing persistently fails. An attacker can
    trigger a 100% CPU consumption and process hang (Denial of Service)
    with a crafted image.

    https://www.cve.org/CVERecord?id=CVE-2026-26283

- CVE-2026-26284:
    Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper
    boundary checking when processing Huffman-coded data from PCD
    (Photo CD) files. The decoder contains a function that has an
    incorrect initialization that could cause an out of bounds read.

    https://www.cve.org/CVERecord?id=CVE-2026-26284

- CVE-2026-26983:
    Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter
    crashes when processing an invalid `<map>` element that causes it to
    use an image after it has been freed.

    https://www.cve.org/CVERecord?id=CVE-2026-26983

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
---
 package/imagemagick/imagemagick.hash | 4 ++--
 package/imagemagick/imagemagick.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/imagemagick/imagemagick.hash b/package/imagemagick/imagemagick.hash
index eead3a9f97..90383c4d17 100644
--- a/package/imagemagick/imagemagick.hash
+++ b/package/imagemagick/imagemagick.hash
@@ -1,3 +1,3 @@
 # Locally computed
-sha256  521fa7a8c0f664a3f5cf7437cbcc219f12bd6d5fe0c1fb014f212fa145076e60  imagemagick-7.1.2-12.tar.gz
-sha256  a556c5292c87c9a6ac795c80669b0c3660f9f729de8c476bf2b10f83ab1b34ec  LICENSE
+sha256  bf646e7fffdf50b7d886eec6bbe51c3ced1c4d68fbabfcc534e014575359fe7f  imagemagick-7.1.2-15.tar.gz
+sha256  131447ad0099069beaa32acf1700716eea294a5bdf936d8211d7026b1849e5d4  LICENSE
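Review bot: The LICENSE hash on the last line of this hunk changes, but the commit message says nothing about what changed in the upstream LICENSE file. Please add a sentence to the commit log describing the difference (for example a copyright year update versus a change to the license text) so a reader can confirm that the Apache-2.0 identifier in imagemagick.mk still matches the file being hashed.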
diff --git a/package/imagemagick/imagemagick.mk b/package/imagemagick/imagemagick.mk
index 0d5eb2aa34..5a03fbfd8f 100644
--- a/package/imagemagick/imagemagick.mk
+++ b/package/imagemagick/imagemagick.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-IMAGEMAGICK_VERSION = 7.1.2-12
+IMAGEMAGICK_VERSION = 7.1.2-15
 IMAGEMAGICK_SITE = $(call github,ImageMagick,ImageMagick,$(IMAGEMAGICK_VERSION))
 IMAGEMAGICK_LICENSE = Apache-2.0
 IMAGEMAGICK_LICENSE_FILES = LICENSE
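Review bot: The IMAGEMAGICK_VERSION line jumps from 7.1.2-12 to 7.1.2-15 and is the only line changed in this file, so the commit log should say that the skipped releases (7.1.2-13 and 7.1.2-14) were checked for new configure options or optional dependencies. The log covers only the CVEs; one sentence stating that no build-system changes were needed would make it clear that the single-line bump is complete.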
-- 
2.53.0
