Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:02510-1

Опубликовано: 24 июл. 2025
Источник: suse-cvrf

Описание

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

  • CVE-2025-53014: Fixed an off-by-one error may cause an out-of-bounds memory access (bsc#1246530)
  • CVE-2025-53019: Fixed format specifiers in a filename template may cause a memory leak (bsc#1246534)
  • CVE-2025-53101: Fixed input manipulation may lead to an out-of-bound write (bsc#1246529)

Список пакетов

SUSE Linux Enterprise Module for Desktop Applications 15 SP6
ImageMagick-config-7-upstream-7.1.0.9-150400.6.33.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7
ImageMagick-config-7-upstream-7.1.0.9-150400.6.33.1

Ссылки

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-7.1.0.9-150400.6.33.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-7.1.0.9-150400.6.33.1
Ссылки

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and 6.9.13-26 fix the issue.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-7.1.0.9-150400.6.33.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-7.1.0.9-150400.6.33.1
Ссылки

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-7.1.0.9-150400.6.33.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-7.1.0.9-150400.6.33.1
Ссылки