Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-1485

NIXPKGS-2026-1485
published 4 weeks, 2 days ago
Permalink CVE-2026-42050
5.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 4 weeks, 2 days ago by @LeSuisse Activity log
  • Created suggestion 4 weeks, 2 days ago
  • @LeSuisse ignored package graphicsmagick-imagemagick-compat 4 weeks, 2 days ago
  • @LeSuisse ignored
    3 maintainers
    • @dotlambda
    • @rhendric
    • @faukah
    4 weeks, 2 days ago maintainer.ignore
  • @LeSuisse accepted 4 weeks, 2 days ago
  • @LeSuisse published on GitHub 4 weeks, 2 days ago
ImageMagick: Stack buffer overflow in XTileImage

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. This vulnerability is fixed in 7.1.2-21 and 6.9.13-46.

Affected products

ImageMagick
  • ==>= 7.0.0, < 7.1.2-20
  • ==< 6.9.13-46

Matching in nixpkgs

Ignored packages (1)

Package maintainers

Ignored maintainers (3)