Bug 35199 - imagemagick and graphicsmagick new security issue CVE-2026-25799
Summary: imagemagick and graphicsmagick new security issue CVE-2026-25799
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All / OS: Linux
Priority: Normal / Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2026-03-12 14:35 CET by Nicolas Salguero
Modified: 2026-03-19 19:05 CET (History)

See Also:
Source RPM: graphicsmagick-1.3.40-1.2.mga9.src.rpm, imagemagick-7.1.1.29-1.1.mga9.src.rpm, graphicsmagick-1.3.40-1.2.mga9.tainted.src.rpm, imagemagick-7.1.1.29-1.1.mga9.tainted.src.rpm
CVE: CVE-2026-25799
Status comment:
herman.viaene: test_passed_mga9_64+



Nicolas Salguero 2026-03-12 14:36:20 CET

Source RPM: (none) => graphicsmagick-1.3.40-1.2.mga9.src.rpm, imagemagick-7.1.1.29-1.1.mga9.src.rpm
CVE: (none) => CVE-2026-25799
Status comment: (none) => Patch available from upstream and openSUSE

Comment 1 Nicolas Salguero 2026-03-12 15:29:39 CET
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Division-by-Zero in YUV sampling factor validation leads to crash. (CVE-2026-25799)

References:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/A4HXQ3URGVXBE42UAP5YCPCA63KZZPJ3/
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6
========================

Updated packages in core/updates_testing:
========================
graphicsmagick-1.3.40-1.3.mga9
graphicsmagick-doc-1.3.40-1.3.mga9
lib(64)graphicsmagick++12-1.3.40-1.3.mga9
lib(64)graphicsmagick-devel-1.3.40-1.3.mga9
lib(64)graphicsmagick3-1.3.40-1.3.mga9
lib(64)graphicsmagickwand2-1.3.40-1.3.mga9
perl-Graphics-Magick-1.3.40-1.3.mga9

imagemagick-7.1.1.29-1.2.mga9
imagemagick-desktop-7.1.1.29-1.2.mga9
imagemagick-doc-7.1.1.29-1.2.mga9
lib(64)magick++-7Q16HDRI_5-7.1.1.29-1.2.mga9
lib(64)magick-7Q16HDRI_10-7.1.1.29-1.2.mga9
lib(64)magick-devel-7.1.1.29-1.2.mga9
perl-Image-Magick-7.1.1.29-1.2.mga9

from SRPMS:
graphicsmagick-1.3.40-1.3.mga9.src.rpm
imagemagick-7.1.1.29-1.2.mga9.src.rpm

Updated packages in tainted/updates_testing:
========================
graphicsmagick-1.3.40-1.3.mga9.tainted
graphicsmagick-doc-1.3.40-1.3.mga9.tainted
lib(64)graphicsmagick++12-1.3.40-1.3.mga9.tainted
lib(64)graphicsmagick-devel-1.3.40-1.3.mga9.tainted
lib(64)graphicsmagick3-1.3.40-1.3.mga9.tainted
lib(64)graphicsmagickwand2-1.3.40-1.3.mga9.tainted
perl-Graphics-Magick-1.3.40-1.3.mga9.tainted

imagemagick-7.1.1.29-1.2.mga9.tainted
imagemagick-desktop-7.1.1.29-1.2.mga9.tainted
imagemagick-doc-7.1.1.29-1.2.mga9.tainted
lib(64)magick++-7Q16HDRI_5-7.1.1.29-1.2.mga9.tainted
lib(64)magick-7Q16HDRI_10-7.1.1.29-1.2.mga9.tainted
lib(64)magick-devel-7.1.1.29-1.2.mga9.tainted
perl-Image-Magick-7.1.1.29-1.2.mga9.tainted

from SRPMS:
graphicsmagick-1.3.40-1.3.mga9.tainted.src.rpm
imagemagick-7.1.1.29-1.2.mga9.tainted.src.rpm

Assignee: bugsquad => qa-bugs
Source RPM: graphicsmagick-1.3.40-1.2.mga9.src.rpm, imagemagick-7.1.1.29-1.1.mga9.src.rpm => graphicsmagick-1.3.40-1.2.mga9.src.rpm, imagemagick-7.1.1.29-1.1.mga9.src.rpm, graphicsmagick-1.3.40-1.2.mga9.tainted.src.rpm, imagemagick-7.1.1.29-1.1.mga9.tainted.src.rpm
Status comment: Patch available from upstream and openSUSE => (none)
Status: NEW => ASSIGNED
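
Added example (not part of this bug report, and not ImageMagick or GraphicsMagick source): a Python sketch of the bug class the advisory names. A chroma-subsampling routine takes per-plane sampling factors from the input, and a naive version divides by the largest factor without first rejecting zero; in C that is a SIGFPE, which is the crash the advisory describes. The "HxV,HxV,HxV" string form follows the -sampling-factor option syntax; the accepted range of 1..4, the function names and the 640x480 sample image are assumptions, and the real faulty code path is not shown on this page.

```python
import math
import re

# One "HxV" pair per image plane, as in the -sampling-factor option syntax,
# e.g. "2x2,1x1,1x1" for 4:2:0 chroma subsampling.
_FACTOR = re.compile(r"^(\d+)x(\d+)$")


def parse_sampling_factors(spec):
    """'2x2,1x1,1x1' -> [(2, 2), (1, 1), (1, 1)].  Syntax only: a zero
    factor parses fine here, which is the point of the checks below."""
    pairs = []
    for item in spec.split(","):
        m = _FACTOR.match(item.strip())
        if not m:
            raise ValueError(f"malformed sampling factor {item!r}")
        pairs.append((int(m.group(1)), int(m.group(2))))
    return pairs


def plane_dimensions_unchecked(width, height, factors):
    """Naive per-plane size: scale each plane by its factor over the largest
    factor.  A file whose factors are all zero makes the divisor zero; in
    Python that is ZeroDivisionError, in C it is SIGFPE and the process dies."""
    h_max = max(h for h, _ in factors)
    v_max = max(v for _, v in factors)
    return [(math.ceil(width * h / h_max), math.ceil(height * v / v_max))
            for h, v in factors]


def plane_dimensions(width, height, factors):
    """Hardened form: every factor is validated before any arithmetic, so the
    divisor can never be zero.  The 1..4 range is an assumption for this
    illustration, not a limit taken from the upstream fix."""
    if not factors:
        raise ValueError("no sampling factors given")
    for h, v in factors:
        if not (1 <= h <= 4 and 1 <= v <= 4):
            raise ValueError(f"sampling factor {h}x{v} outside 1..4")
    return plane_dimensions_unchecked(width, height, factors)


def describe(width, height, spec):
    """Run both versions on one spec and report what happened, so crash and
    clean rejection can be compared side by side."""
    factors = parse_sampling_factors(spec)
    try:
        naive = plane_dimensions_unchecked(width, height, factors)
    except ZeroDivisionError:
        naive = "crash (division by zero)"
    try:
        hardened = plane_dimensions(width, height, factors)
    except ValueError as exc:
        hardened = f"rejected: {exc}"
    return {"naive": naive, "hardened": hardened}


if __name__ == "__main__":
    for spec in ("2x2,1x1,1x1", "0x0,0x0,0x0"):
        print(spec, describe(640, 480, spec))
```

Run as a script it prints both outcomes for a sane spec and an all-zero one. The point for review is that the rejection has to sit in the validation step, before the first use of a factor as a divisor, which is where the advisory places the flaw.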

katnatek 2026-03-12 21:24:46 CET

Keywords: (none) => advisory

Comment 2 Len Lawrence 2026-03-13 11:01:42 CET
Mageia9, x86_64

Did not check for PoC.

Both sets updated without problems, hauling in a number of dependencies at the same time; e.g.
 Preparing...                     #############################################
     1/27: lib64hwloc15          #############################################
     2/27: lib64openpmix2        #############################################
     3/27: lib64openmpi40        #############################################
     4/27: lib64event-devel      #############################################
     5/27: lib64nl-nf3_200       #############################################
     6/27: libquadmath-devel     #############################################
     7/27: gcc-gfortran          #############################################
     8/27: lib64nl-cli3_200      #############################################
     9/27: lib64fftwmpi3         #############################################
    10/27: lib64opencl-devel     #############################################
    11/27: opencl-headers        #############################################
    12/27: lib64lqr-devel        #############################################
    13/27: lib64fribidi-devel    #############################################
    14/27: lib64raqm-devel       #############################################
    15/27: lib64fftwomp3         #############################################
    16/27: lib64pciaccess-devel  #############################################
    17/27: lib64hwloc-devel      #############################################
    18/27: lib64openpmix-devel   #############################################
    19/27: lib64nl-idiag3_200    #############################################
    20/27: lib64nl-xfrm3_200     #############################################
    21/27: lib64nl3-devel        #############################################
    22/27: lib64ibverbs-devel    #############################################
    23/27: lib64rdmacm-devel     #############################################
    24/27: openmpi               #############################################
    25/27: lib64openmpi-devel    #############################################
    26/27: lib64fftw-devel       #############################################
    27/27: lib64magick-devel     #############################################

Using bug 31817 for guidance.
Leaving tainted version for later.
$ rpm -qa | grep -i magick | grep -iv graphics
lib64magick-7Q16HDRI_10-7.1.1.29-1.2.mga9
imagemagick-7.1.1.29-1.2.mga9
lib64magick++-7Q16HDRI_5-7.1.1.29-1.2.mga9
imagemagick-desktop-7.1.1.29-1.2.mga9
imagemagick-doc-7.1.1.29-1.2.mga9
lib64magick-devel-7.1.1.29-1.2.mga9
perl-Image-Magick-7.1.1.29-1.2.mga9

Used display and geeqie to exercise imagemagick.
No problems with any of the image formats such as JPEG, TIFF, PPM, GIF, PNG.
$ urpmq --requires geeqie
ImageMagick
....

CC: (none) => tarazed25
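
Added example (not Mageia QA tooling): a Python check that compares the packages listed by rpm -qa against the fixed builds in comment 1, so a tester or an admin can confirm nothing from the old build is left behind. The rpm version comparison is a minimal re-implementation of rpmvercmp (no epoch, '~' or '^' handling), and the sample rpm -qa output is constructed for the demonstration; it mixes the updated imagemagick packages from comment 2 with two graphicsmagick packages left at the previous build and one unrelated package whose version is made up.

```python
import re
import subprocess

# Fixed binary packages from comment 1 (core/updates_testing).  "lib(64)" is
# expanded below to both 32-bit and 64-bit library names.  Tainted builds carry
# a ".tainted" release suffix, which compares as newer and so passes as well.
FIXED_PACKAGES = """
graphicsmagick-1.3.40-1.3.mga9
graphicsmagick-doc-1.3.40-1.3.mga9
lib(64)graphicsmagick++12-1.3.40-1.3.mga9
lib(64)graphicsmagick-devel-1.3.40-1.3.mga9
lib(64)graphicsmagick3-1.3.40-1.3.mga9
lib(64)graphicsmagickwand2-1.3.40-1.3.mga9
perl-Graphics-Magick-1.3.40-1.3.mga9
imagemagick-7.1.1.29-1.2.mga9
imagemagick-desktop-7.1.1.29-1.2.mga9
imagemagick-doc-7.1.1.29-1.2.mga9
lib(64)magick++-7Q16HDRI_5-7.1.1.29-1.2.mga9
lib(64)magick-7Q16HDRI_10-7.1.1.29-1.2.mga9
lib(64)magick-devel-7.1.1.29-1.2.mga9
perl-Image-Magick-7.1.1.29-1.2.mga9
"""

# Constructed rpm -qa output: the seven updated imagemagick packages from
# comment 2, two graphicsmagick packages still at the previous build, and one
# unrelated package (geeqie version invented for the sample).
SAMPLE_RPM_QA = """
lib64magick-7Q16HDRI_10-7.1.1.29-1.2.mga9
imagemagick-7.1.1.29-1.2.mga9
lib64magick++-7Q16HDRI_5-7.1.1.29-1.2.mga9
imagemagick-desktop-7.1.1.29-1.2.mga9
imagemagick-doc-7.1.1.29-1.2.mga9
lib64magick-devel-7.1.1.29-1.2.mga9
perl-Image-Magick-7.1.1.29-1.2.mga9
graphicsmagick-1.3.40-1.2.mga9
lib64graphicsmagick3-1.3.40-1.2.mga9
geeqie-2.1-1.mga9
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Minimal rpmvercmp(3): digit runs compare numerically, letter runs
    lexically, digits beat letters, longer wins on a common prefix.  -1/0/1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    return -1 if len(sa) < len(sb) else 1


def split_nvr(package):
    """'lib64magick-devel-7.1.1.29-1.2.mga9' -> (name, version, release).
    Safe for names containing '-' because version and release never do."""
    name, version, release = package.rsplit("-", 2)
    return name, version, release


def fixed_versions():
    """Binary package name -> (version, release) of the fixed build."""
    fixed = {}
    for line in FIXED_PACKAGES.split():
        for variant in ("lib", "lib64"):
            name, version, release = split_nvr(line.replace("lib(64)", variant))
            fixed[name] = (version, release)
    return fixed


def is_fixed(installed, fixed):
    """True when installed (version, release) is at or above the fixed one."""
    c = rpmvercmp(installed[0], fixed[0])
    if c == 0:
        c = rpmvercmp(installed[1], fixed[1])
    return c >= 0


def vulnerable_packages(rpm_qa_output):
    """Installed packages from this advisory still below the fixed build."""
    fixed = fixed_versions()
    stale = []
    for package in rpm_qa_output.split():
        name, version, release = split_nvr(package)
        if name in fixed and not is_fixed((version, release), fixed[name]):
            stale.append(package)
    return stale


def installed_packages():
    """Query the local rpm database; the --qf keeps the arch out of the
    release field so split_nvr sees name-version-release only."""
    return subprocess.run(
        ["rpm", "-qa", "--qf", "%{NAME}-%{VERSION}-%{RELEASE}\\n"],
        capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    print("\n".join(vulnerable_packages(installed_packages())) or "all fixed")
```

On a Mageia 9 host run it as a script after the update; it prints every listed package still below the fixed build, or "all fixed". Pointing the check at the binary package names rather than the two source RPMs matters because a partially applied update (for instance the tainted graphicsmagick libraries left at 1.2 while imagemagick moved to 1.2 of its own series) is exactly the state a version-only glance would miss.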

Comment 3 Len Lawrence 2026-03-13 19:58:11 CET
Tried a few command-line conversions....

$ convert -resize 120%x80% JessicaAlba.jpg Jessica.png
The PNG image displayed correctly as an elongated version of the original.

$ convert JessicaAlba.jpg -background grey44 -vignette 0x5 jessica.gif
And that produced a vignetted version of the original image.

$ identify Ikapati.tif
Ikapati.tif TIFF 1024x1024 1024x1024+0+0 8-bit Grayscale Gray 1.00118MiB 0.000u 0:00.000

$ convert -gravity center -size 640x120 label:"Good morning QA!" message.png
$ composite message.png Maggie.png -stegano +15+2 hello.png
$ display hello.png
Original image is shown, unchanged.
$ convert -size 640x120+15+2 stegano:hello.png secret.png
$ display secret.png
This displays the message on a plain white background.
Tried a few more tests along these lines and they all worked.

imagemagick looks as if it is working as designed.

Comment 4 Thomas Andrews 2026-03-16 22:54:25 CET
Tested Graphics Magick core version in an "untainted" VirtualBox MGA9 Plasma guest. No installation issues. 

Used gm display to show several images of several formats, including jpg, png, xcf, heic. 

Used the gm convert command to convert between formats. Most worked, but some, like heic, didn't, as creating those is only available in the tainted version.

This version looks good.

CC: (none) => andrewsfarm

Comment 5 Thomas Andrews 2026-03-16 23:48:54 CET
Well that's interesting. Testing the tainted version in another MGA9 VM shows that neither version of Graphics Magick supports creating files in heic format. It reads them with no trouble, can convert to any of the supported formats, just can't write them. Live and learn, I guess.

Others of the multitude of supported formats convert and display back and forth with no issues - at least the ones I tried did. There were no installation issues with the tainted version, either.

This one is good to go, too.

Comment 6 Herman Viaene 2026-03-19 10:17:48 CET
Agree, let's go.

Flags: (none) => test_passed_mga9_64+
CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK

Comment 7 Thomas Andrews 2026-03-19 14:51:53 CET
I was waiting for Len's test of the tainted version of imagemagick. Comment 2 was just about the core version.

Comment 8 Herman Viaene 2026-03-19 16:00:07 CET
MGA9-64 server Plasma Wayland on Compaq H000SB
Installed tainted versions and took inspiration from previous tests of Len and myself.
$ convert IMG_1251.jpg test.png
$ convert IMG_1251.jpg -background grey44 -vignette 0x5  test2.gif
$ mogrify -rotate 270  IMG_1259.jpg
$ mogrify -rotate 90  IMG_1259.jpg
$ convert IMG_1259.jpg IMG_1259.tiff
$ identify IMG_1259.tiff
IMG_1259.tiff TIFF 4608x3456 4608x3456+0+0 8-bit sRGB 45.567MiB 0.000u 0:00.001
$ convert -resize 120%x80%   IMG_1259.tiff tine.jpg
[tester9@mach3 20140119NieuwjaarViaene]tine.jpg JPEG 5530x2765 5530x2765+0+0 8-bit sRGB 3.20563MiB 0.000u 0:00.001
$ gm convert IMG_1271.jpg IMG_1271.tiff
gm convert: IMG_1271.tiff: Invalid tag "Predictor" (not supported by codec). (_TIFFVGetField).
This is the same as in my previous update test. The generated file displays OK, so no regression.
$ gm display IMG_1272.jpg
I see the image correctly and can apply the solarization effect.
$ gm convert -magnify tine.jpg ti2x.jpg
$ gm convert -resize 300%  tine.jpg ti3x.jpg
All expected effects and correct displays.

Comment 9 Thomas Andrews 2026-03-19 17:02:51 CET
OK, validating.

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update

Comment 10 Mageia Robot 2026-03-19 19:05:43 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2026-0060.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

