SUSE-SU-2025:02511-1

Published: 24 Jul 2025
Source: suse-cvrf

Description

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

  • CVE-2025-53014: Fixed an off-by-one error that may cause an out-of-bounds memory access (bsc#1246530)
  • CVE-2025-53015: Fixed a specific XMP file conversion that may cause an infinite loop (bsc#1246531)
  • CVE-2025-53019: Fixed format specifiers in a filename template that may cause a memory leak (bsc#1246534)
  • CVE-2025-53101: Fixed input manipulation that may lead to an out-of-bounds write (bsc#1246529)

Changed policies:

  • Allow ImageMagick to read its own files again (bsc#1246065)

Package list

SUSE Linux Enterprise Module for Desktop Applications 15 SP6
ImageMagick-7.1.1.21-150600.3.13.1
ImageMagick-config-7-SUSE-7.1.1.21-150600.3.13.1
ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.13.1
ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.13.1
ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.13.1
ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.13.1
ImageMagick-devel-7.1.1.21-150600.3.13.1
libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.13.1
libMagick++-devel-7.1.1.21-150600.3.13.1
libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.13.1
libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.13.1
SUSE Linux Enterprise Module for Development Tools 15 SP6
perl-PerlMagick-7.1.1.21-150600.3.13.1
openSUSE Leap 15.6
ImageMagick-7.1.1.21-150600.3.13.1
ImageMagick-config-7-SUSE-7.1.1.21-150600.3.13.1
ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.13.1
ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.13.1
ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.13.1
ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.13.1
ImageMagick-devel-7.1.1.21-150600.3.13.1
ImageMagick-devel-32bit-7.1.1.21-150600.3.13.1
ImageMagick-doc-7.1.1.21-150600.3.13.1
ImageMagick-extra-7.1.1.21-150600.3.13.1
libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.13.1
libMagick++-7_Q16HDRI5-32bit-7.1.1.21-150600.3.13.1
libMagick++-devel-7.1.1.21-150600.3.13.1
libMagick++-devel-32bit-7.1.1.21-150600.3.13.1
libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.13.1
libMagickCore-7_Q16HDRI10-32bit-7.1.1.21-150600.3.13.1
libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.13.1
libMagickWand-7_Q16HDRI10-32bit-7.1.1.21-150600.3.13.1
perl-PerlMagick-7.1.1.21-150600.3.13.1

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue.


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-7.1.1.21-150600.3.13.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-SUSE-7.1.1.21-150600.3.13.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.13.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.13.1

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue.


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-7.1.1.21-150600.3.13.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-SUSE-7.1.1.21-150600.3.13.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.13.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.13.1

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and 6.9.13-26 fix the issue.


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-7.1.1.21-150600.3.13.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-SUSE-7.1.1.21-150600.3.13.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.13.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.13.1

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-7.1.1.21-150600.3.13.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-SUSE-7.1.1.21-150600.3.13.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.13.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.13.1

References
Vulnerability SUSE-SU-2025:02511-1