Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2026:0384-1

Опубликовано: 04 фев. 2026
Источник: suse-cvrf

Описание

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

  • CVE-2026-23874: manipulation of digital images can lead to stack overflow (bsc#1256976).
  • CVE-2026-23876: maliciously crafted image can lead to heap buffer overflow (bsc#1256962).
  • CVE-2026-23952: processing comment tag can cause null pointer dereference (bsc#1257076).

Список пакетов

SUSE Linux Enterprise Server 12 SP5-LTSS
ImageMagick-config-6-SUSE-6.8.8.1-71.227.1
ImageMagick-config-6-upstream-6.8.8.1-71.227.1
ImageMagick-devel-6.8.8.1-71.227.1
libMagick++-devel-6.8.8.1-71.227.1
libMagickCore-6_Q16-1-6.8.8.1-71.227.1
libMagickWand-6_Q16-1-6.8.8.1-71.227.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
ImageMagick-config-6-SUSE-6.8.8.1-71.227.1
ImageMagick-config-6-upstream-6.8.8.1-71.227.1
ImageMagick-devel-6.8.8.1-71.227.1
libMagick++-devel-6.8.8.1-71.227.1
libMagickCore-6_Q16-1-6.8.8.1-71.227.1
libMagickWand-6_Q16-1-6.8.8.1-71.227.1

Ссылки

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `<write>` command when writing to MSL format. Version 7.1.2-13 fixes the issue.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:ImageMagick-config-6-SUSE-6.8.8.1-71.227.1
SUSE Linux Enterprise Server 12 SP5-LTSS:ImageMagick-config-6-upstream-6.8.8.1-71.227.1
SUSE Linux Enterprise Server 12 SP5-LTSS:ImageMagick-devel-6.8.8.1-71.227.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libMagick++-devel-6.8.8.1-71.227.1
Ссылки

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when processing a maliciously crafted image file. Any operation that reads or identifies an image can trigger the overflow, making it exploitable via common image upload and processing pipelines. Versions 7.1.2-13 and 6.9.13-38 fix the issue.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:ImageMagick-config-6-SUSE-6.8.8.1-71.227.1
SUSE Linux Enterprise Server 12 SP5-LTSS:ImageMagick-config-6-upstream-6.8.8.1-71.227.1
SUSE Linux Enterprise Server 12 SP5-LTSS:ImageMagick-devel-6.8.8.1-71.227.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libMagick++-devel-6.8.8.1-71.227.1
Ссылки

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing <comment> tags before images are loaded. This can lead to DoS attack due to assertion failure (debug builds) or NULL pointer dereference (release builds). This issue is fixed in version 14.10.2.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:ImageMagick-config-6-SUSE-6.8.8.1-71.227.1
SUSE Linux Enterprise Server 12 SP5-LTSS:ImageMagick-config-6-upstream-6.8.8.1-71.227.1
SUSE Linux Enterprise Server 12 SP5-LTSS:ImageMagick-devel-6.8.8.1-71.227.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libMagick++-devel-6.8.8.1-71.227.1
Ссылки