Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-1098

NIXPKGS-2026-1098
published 1 month, 4 weeks ago
Permalink CVE-2026-40312
6.2 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 1 month, 4 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 4 weeks ago
  • @LeSuisse ignored
    6 packages
    • graphicsmagick-imagemagick-compat
    • tests.pkg-config.defaultPkgConfigPackages.MagickWand
    • tests.pkg-config.defaultPkgConfigPackages.ImageMagick
    • imagemagick6Big
    • imagemagick_light
    • imagemagick6_light
    1 month, 4 weeks ago
  • @LeSuisse accepted 1 month, 4 weeks ago
  • @LeSuisse published on GitHub 1 month, 4 weeks ago
ImageMagick: Off-by-One in MSL decoder could result in crash

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malicous MSL file is read. This issue has been fixed in version 7.1.2-19.

Affected products

ImageMagick
  • ==< 7.1.2-19

Matching in nixpkgs

Ignored packages (6)

Package maintainers