Vulnerabilities 2026

ImageMagick multiple vulnerabilities (PDO23717)

First published: 01 April 2026 (restricted disclosure)

Last update: 23 April 2026

ID: PDO23717

Affected Components:

  • All Fabasoft Folio/eGov-Suite versions up to and including 2026 April Release

Severity: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N, Base Score: 8.6

Status: Final

CVEs: CVE-2026-23876, CVE-2026-24481, CVE-2026-24485, CVE-2026-25794, CVE-2026-25965, CVE-2026-25967, CVE-2026-25968, CVE-2026-25985, CVE-2026-25989, CVE-2026-28494, CVE-2026-28691, CVE-2026-28693, CVE-2026-30929, CVE-2026-33901, CVE-2026-33908

Summary

Multiple security vulnerabilities have been discovered in the third-party library ImageMagick that may allow attackers to trigger denial-of-service (DoS) conditions, access unintended local files, or exploit memory corruption issues, including buffer overflows and out-of-bounds reads/writes.

Under particular circumstances, an attacker may be able to exploit these vulnerabilities in Fabasoft Folio/eGov-Suite.

The CVEs listed in this advisory are limited to those rated CVSSv3.1 7.0 or higher by ImageMagick. The severity indicated reflects the highest score among these vulnerabilities.

Impact

According to the information provided by ImageMagick, in the most severe cases the vulnerabilities could lead to crashes, unauthorized reading of data, or remote code execution.

Remediation

The vulnerabilities can be remediated by installing a hotfix provided by Fabasoft.

Hotfix information

Fabasoft provides hotfixes for the following Fabasoft eGov-Suite versions; these can be downloaded directly if an embedded link has been provided in this list. If you need assistance, please contact Fabasoft 3rd Level Support:

The fix for these vulnerabilities is already included in the following and newer versions:

  • Fabasoft eGov-Suite 2026 June Release

OpenSSL stack buffer overflow vulnerability (PDO23173)

First published: 05 February 2026 (restricted disclosure)

Last update: 06 February 2026

ID: PDO23173

Affected Components:

  • All Fabasoft Folio/eGov-Suite versions from 2023 up to and including 2026

Severity: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, Base Score: 9.8

Status: Final

CVEs: CVE-2025-15467

Summary

In the third-party library OpenSSL, a security vulnerability has been identified and classified as CVE-2025-15467, in which maliciously crafted parameters can trigger a stack buffer overflow.

Under particular circumstances, an attacker may be able to exploit this vulnerability in Fabasoft Folio/eGov-Suite.

Impact

According to OpenSSL's information on this vulnerability, the stack buffer overflow may lead to a crash, causing denial of service, or potentially to remote code execution.

Remediation

The vulnerability can be remediated by installing a hotfix provided by Fabasoft.

Hotfix information

Fabasoft provides hotfixes for the following Fabasoft eGov-Suite versions; these can be downloaded directly if an embedded link has been provided in this list. Otherwise, please contact Fabasoft 3rd Level Support:

The fix for this vulnerability is already included in the following and newer versions:

  • Fabasoft eGov-Suite 2026 April Release
  • Fabasoft Folio / eGov-Suite 2026 Update Rollup 1