Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
- CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077).
- CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage (bsc#1248078).
- CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079).
- CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing only a colon to
montage -geometry(bsc#1248767). - CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780).
- CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784).
Список пакетов
SUSE Linux Enterprise Server 12 SP5-LTSS
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
Ссылки
- Link for SUSE-SU-2025:03150-1
- E-Mail link for SUSE-SU-2025:03150-1
- SUSE Security Ratings
- SUSE Bug 1248077
- SUSE Bug 1248078
- SUSE Bug 1248079
- SUSE Bug 1248767
- SUSE Bug 1248780
- SUSE Bug 1248784
- SUSE CVE CVE-2025-55005 page
- SUSE CVE CVE-2025-55154 page
- SUSE CVE CVE-2025-55160 page
- SUSE CVE CVE-2025-55212 page
- SUSE CVE CVE-2025-55298 page
- SUSE CVE CVE-2025-57803 page
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. This issue has been patched in version 7.1.2-1.
Затронутые продукты
Ссылки
- CVE-2025-55005
- SUSE Bug 1248077
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.
Затронутые продукты
Ссылки
- CVE-2025-55154
- SUSE Bug 1248078
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.
Затронутые продукты
Ссылки
- CVE-2025-55160
- SUSE Bug 1248079
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage() divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
Затронутые продукты
Ссылки
- CVE-2025-55212
- SUSE Bug 1248767
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
Затронутые продукты
Ссылки
- CVE-2025-55298
- SUSE Bug 1248780
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder's scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
Затронутые продукты
Ссылки
- CVE-2025-57803
- SUSE Bug 1248784