ALAS2023-2026-1361

Amazon Linux 2023 Security Advisory: ALAS2023-2026-1361
Advisory Released Date: 2026-01-23
Advisory Updated Date: 2026-01-23

Severity: Medium

References: CVE-2025-68618 CVE-2025-68950 CVE-2025-69204
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue. (CVE-2025-68618)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file will be affected. Version 7.1.2-12 fixes the issue. (CVE-2025-68950)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue. (CVE-2025-69204)

Affected Packages:

ImageMagick

Issue Correction:
Run dnf update ImageMagick --releasever 2023.10.20260120 or dnf update --advisory ALAS2023-2026-1361 --releasever 2023.10.20260120 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:

aarch64:
    ImageMagick-c++-debuginfo-6.9.13.29-1.amzn2023.0.4.aarch64
    ImageMagick-debugsource-6.9.13.29-1.amzn2023.0.4.aarch64
    ImageMagick-debuginfo-6.9.13.29-1.amzn2023.0.4.aarch64
    ImageMagick-perl-debuginfo-6.9.13.29-1.amzn2023.0.4.aarch64
    ImageMagick-6.9.13.29-1.amzn2023.0.4.aarch64
    ImageMagick-c++-devel-6.9.13.29-1.amzn2023.0.4.aarch64
    ImageMagick-doc-6.9.13.29-1.amzn2023.0.4.aarch64
    ImageMagick-devel-6.9.13.29-1.amzn2023.0.4.aarch64
    ImageMagick-perl-6.9.13.29-1.amzn2023.0.4.aarch64
    ImageMagick-c++-6.9.13.29-1.amzn2023.0.4.aarch64
    ImageMagick-libs-6.9.13.29-1.amzn2023.0.4.aarch64
    ImageMagick-libs-debuginfo-6.9.13.29-1.amzn2023.0.4.aarch64

src:
    ImageMagick-6.9.13.29-1.amzn2023.0.4.src

x86_64:
    ImageMagick-c++-debuginfo-6.9.13.29-1.amzn2023.0.4.x86_64
    ImageMagick-debugsource-6.9.13.29-1.amzn2023.0.4.x86_64
    ImageMagick-perl-6.9.13.29-1.amzn2023.0.4.x86_64
    ImageMagick-perl-debuginfo-6.9.13.29-1.amzn2023.0.4.x86_64
    ImageMagick-6.9.13.29-1.amzn2023.0.4.x86_64
    ImageMagick-debuginfo-6.9.13.29-1.amzn2023.0.4.x86_64
    ImageMagick-c++-devel-6.9.13.29-1.amzn2023.0.4.x86_64
    ImageMagick-doc-6.9.13.29-1.amzn2023.0.4.x86_64
    ImageMagick-devel-6.9.13.29-1.amzn2023.0.4.x86_64
    ImageMagick-c++-6.9.13.29-1.amzn2023.0.4.x86_64
    ImageMagick-libs-debuginfo-6.9.13.29-1.amzn2023.0.4.x86_64
    ImageMagick-libs-6.9.13.29-1.amzn2023.0.4.x86_64

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-68618, CVE-2025-68950, CVE-2025-69204

Mitre: CVE-2025-68618, CVE-2025-68950, CVE-2025-69204