SUSE-SU-2025:03509-1

Published: 09 Oct 2025
Source: suse-cvrf

Description

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

  • CVE-2025-57807: heap out-of-bounds write can lead to memory corruption (bsc#1249362).

Package list

SUSE Linux Enterprise Module for Desktop Applications 15 SP6

  • ImageMagick-7.1.1.21-150600.3.23.1
  • ImageMagick-config-7-SUSE-7.1.1.21-150600.3.23.1
  • ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.23.1
  • ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.23.1
  • ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.23.1
  • ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.23.1
  • ImageMagick-devel-7.1.1.21-150600.3.23.1
  • libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.23.1
  • libMagick++-devel-7.1.1.21-150600.3.23.1
  • libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.23.1
  • libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.23.1

SUSE Linux Enterprise Module for Development Tools 15 SP6

  • perl-PerlMagick-7.1.1.21-150600.3.23.1

openSUSE Leap 15.6

  • ImageMagick-7.1.1.21-150600.3.23.1
  • ImageMagick-config-7-SUSE-7.1.1.21-150600.3.23.1
  • ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.23.1
  • ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.23.1
  • ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.23.1
  • ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.23.1
  • ImageMagick-devel-7.1.1.21-150600.3.23.1
  • ImageMagick-devel-32bit-7.1.1.21-150600.3.23.1
  • ImageMagick-doc-7.1.1.21-150600.3.23.1
  • ImageMagick-extra-7.1.1.21-150600.3.23.1
  • libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.23.1
  • libMagick++-7_Q16HDRI5-32bit-7.1.1.21-150600.3.23.1
  • libMagick++-devel-7.1.1.21-150600.3.23.1
  • libMagick++-devel-32bit-7.1.1.21-150600.3.23.1
  • libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.23.1
  • libMagickCore-7_Q16HDRI10-32bit-7.1.1.21-150600.3.23.1
  • libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.23.1
  • libMagickWand-7_Q16HDRI10-32bit-7.1.1.21-150600.3.23.1
  • perl-PerlMagick-7.1.1.21-150600.3.23.1

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset >> extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2^64 arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.
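
The growth rule described above, next to a corrected one, as an added example that is not ImageMagick's code. The `Blob` struct and all function names are hypothetical, the model is simplified (no quantum doubling), and the legacy path here refuses the copy instead of performing it, so the sizing error is observable without corrupting memory.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of a memory-backed blob; all names are hypothetical. */
typedef struct {
    unsigned char *data;
    size_t extent;   /* bytes allocated */
    size_t length;   /* bytes logically written */
    size_t offset;   /* current stream position */
    size_t quantum;  /* amortized growth step */
} Blob;

/* As the advisory describes: seeking past the end moves offset only. */
static void blob_seek(Blob *b, size_t pos) { b->offset = pos; }

/* Growth rule from the advisory: sized by quantum + n, ignoring offset. */
static size_t grow_legacy(const Blob *b, size_t n) {
    return b->extent + b->quantum + n;
}

/* Corrected rule: capacity must cover offset + n; 0 signals overflow. */
static size_t grow_checked(const Blob *b, size_t n) {
    if (n > SIZE_MAX - b->offset) return 0;
    size_t need = b->offset + n;
    return need > SIZE_MAX - b->quantum ? need : need + b->quantum;
}

/* Returns 0 on success, -1 if the copy would leave the allocation. */
static int blob_write(Blob *b, const void *src, size_t n, int checked) {
    if (n > SIZE_MAX - b->offset) return -1;
    if (b->offset + n > b->extent) {
        size_t want = checked ? grow_checked(b, n) : grow_legacy(b, n);
        unsigned char *p = want ? realloc(b->data, want) : NULL;
        if (p == NULL) return -1;
        b->data = p;
        b->extent = want;
    }
    /* Bounds guard added for this model: refuse instead of writing OOB. */
    if (b->offset + n > b->extent) return -1;
    if (b->offset > b->length)      /* zero the gap left by the seek */
        memset(b->data + b->length, 0, b->offset - b->length);
    memcpy(b->data + b->offset, src, n);
    b->offset += n;
    if (b->offset > b->length) b->length = b->offset;
    return 0;
}
```

With a 68-byte allocation and a seek to 4096, the legacy rule yields 136 bytes while the copy needs 4100, which is the `offset >> extent` condition the description names.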


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-7.1.1.21-150600.3.23.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-SUSE-7.1.1.21-150600.3.23.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.23.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.23.1

References