Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
- CVE-2025-68618: read a malicious SVG file may result in a DoS attack (bsc#1255821).
- CVE-2025-68950: check for circular references in mvg files may lead to stack overflow (bsc#1255822).
- CVE-2025-69204: an integer overflow can lead to a DoS attack (bsc#1255823).
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP7
SUSE Linux Enterprise Module for Development Tools 15 SP7
Ссылки
- Link for SUSE-SU-2026:0073-1
- E-Mail link for SUSE-SU-2026:0073-1
- SUSE Security Ratings
- SUSE Bug 1255821
- SUSE Bug 1255822
- SUSE Bug 1255823
- SUSE CVE CVE-2025-68618 page
- SUSE CVE CVE-2025-68950 page
- SUSE CVE CVE-2025-69204 page
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.
Затронутые продукты
Ссылки
- CVE-2025-68618
- SUSE Bug 1255821
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file will be affected. Version 7.1.2-12 fixes the issue.
Затронутые продукты
Ссылки
- CVE-2025-68950
- SUSE Bug 1255822
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue.
Затронутые продукты
Ссылки
- CVE-2025-69204
- SUSE Bug 1255823