Nixpkgs security tracker

Published

Permalink CVE-2026-49219

5.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

updated 5 hours ago by @LeSuisse Activity log

Created suggestion 10 hours ago
@LeSuisse ignored
2 packages
- haskellPackages.ihp-imagemagick
- graphicsmagick-imagemagick-compat
5 hours ago
@LeSuisse ignored
3 maintainers
- @dotlambda
- @rhendric
- @faukah
5 hours ago maintainer.ignore
@LeSuisse accepted 5 hours ago
@LeSuisse published on GitHub 5 hours ago

ImageMagick: Policy Bypass can read disallowed files

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xcjm-wqff-m669 x_refsource_CONFIRM

Affected products

ImageMagick

==< 6.9.13-48
==< 7.1.2-24

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

Ignored packages (2)

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

Ignored maintainers (3)

@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@rhendric Ryan Hendrickson
@faukah faukah

Published

Permalink CVE-2026-49218

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 5 hours ago by @LeSuisse Activity log

Created suggestion 10 hours ago
@LeSuisse ignored
2 packages
- graphicsmagick-imagemagick-compat
- haskellPackages.ihp-imagemagick
5 hours ago
@LeSuisse ignored
3 maintainers
- @rhendric
- @faukah
- @dotlambda
5 hours ago maintainer.ignore
@LeSuisse accepted 5 hours ago
@LeSuisse published on GitHub 5 hours ago

ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check in the DCM decoder could result in an image with invalid dimensions and that could cause crashes in other operation. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8pj9-6897-74xc x_refsource_CONFIRM

Affected products

ImageMagick

==< 6.9.13-48
==< 7.1.2-24

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

Ignored packages (2)

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

Ignored maintainers (3)

@rhendric Ryan Hendrickson
@faukah faukah
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>

Untriaged

Permalink CVE-2026-46521

5.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 10 hours ago Activity log

Created suggestion 10 hours ago

ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jcqp-6r6f-3mfx x_refsource_CONFIRM

Affected products

ImageMagick

==< 7.1.2-23
==< 6.9.13-48

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

@Ambossmann Timo Gottszky <timogottszky+git@gmail.com>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@faukah faukah
@rhendric Ryan Hendrickson

Untriaged

Permalink CVE-2026-46522

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 10 hours ago Activity log

Created suggestion 10 hours ago

ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and 6.9.13-48 fix the issue.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7gg8-qqx7-92g5 x_refsource_CONFIRM

Affected products

ImageMagick

==< 7.1.2-23
==< 6.9.13-48

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

@Ambossmann Timo Gottszky <timogottszky+git@gmail.com>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@faukah faukah
@rhendric Ryan Hendrickson

Untriaged

Permalink CVE-2026-45359

5.7 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 10 hours ago Activity log

Created suggestion 10 hours ago

ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been patched in versions 6.9.13-48 and 7.1.2-22.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhrh-72hq-w8m7 x_refsource_CONFIRM

Affected products

ImageMagick

==< 7.1.2-22
==< 6.9.13-48

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

@Ambossmann Timo Gottszky <timogottszky+git@gmail.com>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@faukah faukah
@rhendric Ryan Hendrickson

Untriaged

Permalink CVE-2026-45031

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 10 hours ago Activity log

Created suggestion 10 hours ago

ImageMagick: Policy Bypass in PSD decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, due to a missing check in the PSD decoder it would be possible to bypass the list-length resource policy when decoding a PSD image. Other security limits would still apply. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cwpj-h54c-xjpx x_refsource_CONFIRM

Affected products

ImageMagick

==< 6.9.13-47
==< 7.1.2-22

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

@Ambossmann Timo Gottszky <timogottszky+git@gmail.com>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@faukah faukah
@rhendric Ryan Hendrickson

Untriaged

Permalink CVE-2026-47166

5.7 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): High (H)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): High (H)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 10 hours ago Activity log

Created suggestion 10 hours ago

ImageMagick: Heap Buffer Over-Read in distributed pixel cache server

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6gxq-f64p-5w6f x_refsource_CONFIRM

Affected products

ImageMagick

==< 7.1.2-23
==< 6.9.13-48

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

@Ambossmann Timo Gottszky <timogottszky+git@gmail.com>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@faukah faukah
@rhendric Ryan Hendrickson

Untriaged

Permalink CVE-2026-42326

5.1 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 10 hours ago Activity log

Created suggestion 10 hours ago

ImageMagick: Heap Buffer Over-Read in IPTC encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7wff-wpr6-vmhm x_refsource_CONFIRM

Affected products

ImageMagick

==< 6.9.13-47
==< 7.1.2-22

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

@Ambossmann Timo Gottszky <timogottszky+git@gmail.com>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@faukah faukah
@rhendric Ryan Hendrickson

Untriaged

Permalink CVE-2026-45624

5.1 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 10 hours ago Activity log

Created suggestion 10 hours ago

ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying specific arguments. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pfvh-m9xv-8966 x_refsource_CONFIRM

Affected products

ImageMagick

==< 6.9.13-47
==< 7.1.2-22

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

@Ambossmann Timo Gottszky <timogottszky+git@gmail.com>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@faukah faukah
@rhendric Ryan Hendrickson

Untriaged

Permalink CVE-2026-46559

4.0 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 10 hours ago Activity log

Created suggestion 10 hours ago

ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-533m-3wf6-c33v x_refsource_CONFIRM

Affected products

ImageMagick

==< 7.1.2-23
==< 6.9.13-48

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-23
- nixpkgs-unstable 7.1.2-23
- nixos-unstable-small 7.1.2-23
nixos-26.05 7.1.2-23
- nixos-26.05-small 7.1.2-23
- nixpkgs-26.05-darwin 7.1.2-23

pkgs.haskellPackages.ihp-imagemagick

ImageMagick preprocessing for IHP file uploads

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-26.05 1.0.0
- nixos-26.05-small 1.0.0
- nixpkgs-26.05-darwin 1.0.0

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.47
- nixpkgs-unstable 1.3.47
- nixos-unstable-small 1.3.47
nixos-26.05 1.3.47
- nixos-26.05-small 1.3.47
- nixpkgs-26.05-darwin 1.3.47

Package maintainers

@Ambossmann Timo Gottszky <timogottszky+git@gmail.com>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@faukah faukah
@rhendric Ryan Hendrickson

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.imagemagick

pkgs.imagemagickBig

pkgs.imagemagick_light

pkgs.haskellPackages.ihp-imagemagick

pkgs.graphicsmagick-imagemagick-compat

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.imagemagick

pkgs.imagemagickBig

pkgs.imagemagick_light

pkgs.haskellPackages.ihp-imagemagick

pkgs.graphicsmagick-imagemagick-compat

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.imagemagick

pkgs.imagemagickBig

pkgs.imagemagick_light

pkgs.haskellPackages.ihp-imagemagick

pkgs.graphicsmagick-imagemagick-compat

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.imagemagick

pkgs.imagemagickBig

pkgs.imagemagick_light

pkgs.haskellPackages.ihp-imagemagick

pkgs.graphicsmagick-imagemagick-compat

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.imagemagick

pkgs.imagemagickBig

pkgs.imagemagick_light

pkgs.haskellPackages.ihp-imagemagick

pkgs.graphicsmagick-imagemagick-compat

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.imagemagick

pkgs.imagemagickBig

pkgs.imagemagick_light

pkgs.haskellPackages.ihp-imagemagick

pkgs.graphicsmagick-imagemagick-compat

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.imagemagick

pkgs.imagemagickBig

pkgs.imagemagick_light

pkgs.haskellPackages.ihp-imagemagick

pkgs.graphicsmagick-imagemagick-compat

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.imagemagick

pkgs.imagemagickBig

pkgs.imagemagick_light

pkgs.haskellPackages.ihp-imagemagick

pkgs.graphicsmagick-imagemagick-compat

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.imagemagick

pkgs.imagemagickBig

pkgs.imagemagick_light

pkgs.haskellPackages.ihp-imagemagick