Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:02801-1

Опубликовано: 14 авг. 2025
Источник: suse-cvrf

Описание

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

  • CVE-2025-53014: Fixed an off-by-one error may cause an out-of-bounds memory access (bsc#1246530)
  • CVE-2025-53015: Fixed specific XMP file conversion may cause an infinite loop (bsc#1246531)
  • CVE-2025-53019: Fixed format specifiers in a filename template may cause a memory leak (bsc#1246534)
  • CVE-2025-53101: Fixed input manipulation may lead to an out-of-bound write (bsc#1246529)

Other fix:

  • Crop filename pattern %03d no longer works in ImageMagick 7 (bsc#1247475)

Список пакетов

SUSE Linux Enterprise Module for Desktop Applications 15 SP7
ImageMagick-7.1.1.43-150700.3.8.1
ImageMagick-config-7-SUSE-7.1.1.43-150700.3.8.1
ImageMagick-config-7-upstream-limited-7.1.1.43-150700.3.8.1
ImageMagick-config-7-upstream-open-7.1.1.43-150700.3.8.1
ImageMagick-config-7-upstream-secure-7.1.1.43-150700.3.8.1
ImageMagick-config-7-upstream-websafe-7.1.1.43-150700.3.8.1
ImageMagick-devel-7.1.1.43-150700.3.8.1
libMagick++-7_Q16HDRI5-7.1.1.43-150700.3.8.1
libMagick++-devel-7.1.1.43-150700.3.8.1
libMagickCore-7_Q16HDRI10-7.1.1.43-150700.3.8.1
libMagickWand-7_Q16HDRI10-7.1.1.43-150700.3.8.1
SUSE Linux Enterprise Module for Development Tools 15 SP7
perl-PerlMagick-7.1.1.43-150700.3.8.1

Ссылки

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-7.1.1.43-150700.3.8.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-SUSE-7.1.1.43-150700.3.8.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-limited-7.1.1.43-150700.3.8.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-open-7.1.1.43-150700.3.8.1
Ссылки

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-7.1.1.43-150700.3.8.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-SUSE-7.1.1.43-150700.3.8.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-limited-7.1.1.43-150700.3.8.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-open-7.1.1.43-150700.3.8.1
Ссылки

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and 6.9.13-26 fix the issue.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-7.1.1.43-150700.3.8.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-SUSE-7.1.1.43-150700.3.8.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-limited-7.1.1.43-150700.3.8.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-open-7.1.1.43-150700.3.8.1
Ссылки

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-7.1.1.43-150700.3.8.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-SUSE-7.1.1.43-150700.3.8.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-limited-7.1.1.43-150700.3.8.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-open-7.1.1.43-150700.3.8.1
Ссылки
Уязвимость SUSE-SU-2025:02801-1