Nixpkgs security tracker

Published

Permalink CVE-2026-53463

4.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

updated 2 hours ago by @LeSuisse Activity log

Created suggestion 8 hours ago
@LeSuisse ignored
2 packages
- graphicsmagick-imagemagick-compat
- haskellPackages.ihp-imagemagick
2 hours ago
@LeSuisse accepted 2 hours ago
@LeSuisse published on GitHub 2 hours ago

ImageMagick: Null Pointer Dereference in distort operation when passing incorrect arguments

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when passing incorrect arguments in the distort operation a null pointer deference will occur. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p9rq-q46c-g4x6 x_refsource_CONFIRM

Affected products

ImageMagick

==< 7.1.2-25
==< 6.9.13-50

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

Ignored packages (2)

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@faukah faukah
@rhendric Ryan Hendrickson

Published

Permalink CVE-2026-53461

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 2 hours ago by @LeSuisse Activity log

Created suggestion 8 hours ago
@LeSuisse ignored
2 packages
- graphicsmagick-imagemagick-compat
- haskellPackages.ihp-imagemagick
2 hours ago
@LeSuisse accepted 2 hours ago
@LeSuisse published on GitHub 2 hours ago

ImageMagick: Out-of-bounds write in ICON decoder due to incorrect loop

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in the ICON decoder can result in an out of bounds heap write resulting in a crash. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g22q-f7gc-5jhr x_refsource_CONFIRM

Affected products

ImageMagick

==< 7.1.2-25
==< 6.9.13-50

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

Ignored packages (2)

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@faukah faukah
@rhendric Ryan Hendrickson

Published

Permalink CVE-2026-53464

4.0 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

updated 2 hours ago by @LeSuisse Activity log

Created suggestion 8 hours ago
@LeSuisse ignored
2 packages
- haskellPackages.ihp-imagemagick
- graphicsmagick-imagemagick-compat
2 hours ago
@LeSuisse accepted 2 hours ago
@LeSuisse published on GitHub 2 hours ago

ImageMagick: Memory Leak in wand option parser when providing invalid arguments

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, when providing invalid options to the wand option parser a small memory leak will occur. This issue has been patched in version 7.1.2-25.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j989-f892-2335 x_refsource_CONFIRM

Affected products

ImageMagick

==< 7.1.2-25

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

Ignored packages (2)

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@faukah faukah
@rhendric Ryan Hendrickson

Published

Permalink CVE-2026-53460

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 2 hours ago by @LeSuisse Activity log

Created suggestion 8 hours ago
@LeSuisse ignored
2 packages
- graphicsmagick-imagemagick-compat
- haskellPackages.ihp-imagemagick
2 hours ago
@LeSuisse accepted 2 hours ago
@LeSuisse published on GitHub 2 hours ago

ImageMagick: Policy Bypass can trigger out-of-Memory condition

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-Memory condition. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q62c-h75r-2xhc x_refsource_CONFIRM

Affected products

ImageMagick

==< 7.1.2-25
==< 6.9.13-50

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

Ignored packages (2)

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@faukah faukah
@rhendric Ryan Hendrickson

Published

Permalink CVE-2026-53462

5.9 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 2 hours ago by @LeSuisse Activity log

Created suggestion 8 hours ago
@LeSuisse ignored
2 packages
- graphicsmagick-imagemagick-compat
- haskellPackages.ihp-imagemagick
2 hours ago
@LeSuisse accepted 2 hours ago
@LeSuisse published on GitHub 2 hours ago

ImageMagick: Use-After-Free when allocation in CheckPrimitiveExtent fails

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when an allocation fails in CheckPrimitiveExtent this can result in a heap-use-after-free and result in a crash. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-px7q-ggqj-hcf2 x_refsource_CONFIRM

Affected products

ImageMagick

==< 7.1.2-25
==< 6.9.13-50

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

Ignored packages (2)

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@faukah faukah
@rhendric Ryan Hendrickson

Published

Permalink CVE-2026-53465

6.2 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 2 hours ago by @LeSuisse Activity log

Created suggestion 8 hours ago
@LeSuisse ignored
2 packages
- graphicsmagick-imagemagick-compat
- haskellPackages.ihp-imagemagick
2 hours ago
@LeSuisse accepted 2 hours ago
@LeSuisse published on GitHub 2 hours ago

ImageMagick: Heap Buffer Over-Write in SF3 encoder when writing multi-frame image

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap buffer over-write when encoding it with the SF3 encoder. This issue has been patched in version 7.1.2-25.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-44cp-c3ww-9rv5 x_refsource_CONFIRM

Affected products

ImageMagick

==< 7.1.2-25

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

Ignored packages (2)

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@faukah faukah
@rhendric Ryan Hendrickson

Published

Permalink CVE-2026-48724

5.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 2 hours ago by @LeSuisse Activity log

Created suggestion 8 hours ago
@LeSuisse ignored
2 packages
- graphicsmagick-imagemagick-compat
- haskellPackages.ihp-imagemagick
2 hours ago
@LeSuisse ignored
3 maintainers
- @rhendric
- @faukah
- @dotlambda
2 hours ago maintainer.ignore
@LeSuisse accepted 2 hours ago
@LeSuisse published on GitHub 2 hours ago

ImageMagick: Heap Buffer Underwrite in Floyd-Steinberg depth dithering

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-24, when using an image with mask the Floyd-Steinberg dithering method it will cause a negative heap buffer over-write. This issue has been patched in version 7.1.2-24.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2hhq-c99x-492r x_refsource_CONFIRM

Affected products

ImageMagick

==< 7.1.2-24

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

Ignored packages (2)

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

Ignored maintainers (3)

@rhendric Ryan Hendrickson
@faukah faukah
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>

Published

Permalink CVE-2026-48994

5.9 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 2 hours ago by @LeSuisse Activity log

Created suggestion 8 hours ago
@LeSuisse ignored
2 packages
- graphicsmagick-imagemagick-compat
- haskellPackages.ihp-imagemagick
2 hours ago
@LeSuisse ignored
3 maintainers
- @rhendric
- @faukah
- @dotlambda
2 hours ago maintainer.ignore
@LeSuisse accepted 2 hours ago
@LeSuisse published on GitHub 2 hours ago

ImageMagick: Heap Buffer Over-Write in MAT decoder on 32-bit systems

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4v89-6mgq-6rgc x_refsource_CONFIRM

Affected products

ImageMagick

==< 6.9.13-48
==< 7.1.2-24

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

Ignored packages (2)

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

Ignored maintainers (3)

@rhendric Ryan Hendrickson
@faukah faukah
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>

Published

Permalink CVE-2026-48733

4.7 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 2 hours ago by @LeSuisse Activity log

Created suggestion 8 hours ago
@LeSuisse ignored
2 packages
- graphicsmagick-imagemagick-compat
- haskellPackages.ihp-imagemagick
2 hours ago
@LeSuisse ignored
3 maintainers
- @rhendric
- @faukah
- @dotlambda
2 hours ago maintainer.ignore
@LeSuisse accepted 2 hours ago
@LeSuisse published on GitHub 2 hours ago

ImageMagick: Infinite Loop in subimage-search with crafted image

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can happen when using a crafted image. This issue has been patched in versions 6.9.13-49 and 7.1.2-24.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5v62-8fq6-cp9m x_refsource_CONFIRM

Affected products

ImageMagick

==< 6.9.13-49
==< 7.1.2-24

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

Ignored packages (2)

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

Ignored maintainers (3)

@rhendric Ryan Hendrickson
@faukah faukah
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>

Published

Permalink CVE-2026-48734

5.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 2 hours ago by @LeSuisse Activity log

Created suggestion 8 hours ago
@LeSuisse ignored
2 packages
- haskellPackages.ihp-imagemagick
- graphicsmagick-imagemagick-compat
3 hours ago
@LeSuisse ignored
3 maintainers
- @rhendric
- @faukah
- @dotlambda
2 hours ago maintainer.ignore
@LeSuisse accepted 2 hours ago
@LeSuisse published on GitHub 2 hours ago

ImageMagick: Stack Overflow in MVG decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions 6.9.13-49 and 7.1.2-24.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h36c-3666-h489 x_refsource_CONFIRM

Affected products

ImageMagick

==< 6.9.13-49
==< 7.1.2-24

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

Ignored packages (2)

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

Ignored maintainers (3)

@rhendric Ryan Hendrickson
@faukah faukah
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.imagemagick

pkgs.imagemagickBig

pkgs.imagemagick_light

pkgs.haskellPackages.ihp-imagemagick

pkgs.graphicsmagick-imagemagick-compat

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.imagemagick

pkgs.imagemagickBig

pkgs.imagemagick_light

pkgs.haskellPackages.ihp-imagemagick

pkgs.graphicsmagick-imagemagick-compat

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.imagemagick

pkgs.imagemagickBig

pkgs.imagemagick_light

pkgs.haskellPackages.ihp-imagemagick

pkgs.graphicsmagick-imagemagick-compat

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.imagemagick

pkgs.imagemagickBig

pkgs.imagemagick_light

pkgs.haskellPackages.ihp-imagemagick

pkgs.graphicsmagick-imagemagick-compat

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.imagemagick

pkgs.imagemagickBig

pkgs.imagemagick_light

pkgs.haskellPackages.ihp-imagemagick

pkgs.graphicsmagick-imagemagick-compat

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.imagemagick

pkgs.imagemagickBig

pkgs.imagemagick_light

pkgs.haskellPackages.ihp-imagemagick

pkgs.graphicsmagick-imagemagick-compat

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.imagemagick

pkgs.imagemagickBig

pkgs.imagemagick_light

pkgs.haskellPackages.ihp-imagemagick

pkgs.graphicsmagick-imagemagick-compat

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.imagemagick

pkgs.imagemagickBig

pkgs.imagemagick_light

pkgs.haskellPackages.ihp-imagemagick

pkgs.graphicsmagick-imagemagick-compat

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.imagemagick

pkgs.imagemagickBig

pkgs.imagemagick_light

pkgs.haskellPackages.ihp-imagemagick