HCE2-SA-2022-0026 Moderate HCE 2.0 Security Fix(es): A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service. (CVE-2022-1115) In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30. (CVE-2022-2719) HCE 2.0 ImageMagick-7.1.0.28-3.hce2.aarch64.rpm ImageMagick-7.1.0.28-3.hce2.x86_64.rpm