Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
- CVE-2026-22770: improper pointer initialization can cause denial of service (bsc#1256969).
- CVE-2026-23874: manipulation of digital images can lead to stack overflow (bsc#1256976).
- CVE-2026-23876: maliciously crafted image can lead to heap buffer overflow (bsc#1256962).
- CVE-2026-23952: processing comment tag can cause null pointer dereference (bsc#1257076).
Список пакетов
SUSE Linux Enterprise Server 15 SP6-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP6
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2026:0438-1
- E-Mail link for SUSE-SU-2026:0438-1
- SUSE Security Ratings
- SUSE Bug 1256962
- SUSE Bug 1256969
- SUSE Bug 1256976
- SUSE Bug 1257076
- SUSE CVE CVE-2026-22770 page
- SUSE CVE CVE-2026-23874 page
- SUSE CVE CVE-2026-23876 page
- SUSE CVE CVE-2026-23952 page
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails. Version 7.1.2-13 contains a patch for the issue.
Затронутые продукты
Ссылки
- CVE-2026-22770
- SUSE Bug 1256969
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `<write>` command when writing to MSL format. Version 7.1.2-13 fixes the issue.
Затронутые продукты
Ссылки
- CVE-2026-23874
- SUSE Bug 1256976
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when processing a maliciously crafted image file. Any operation that reads or identifies an image can trigger the overflow, making it exploitable via common image upload and processing pipelines. Versions 7.1.2-13 and 6.9.13-38 fix the issue.
Затронутые продукты
Ссылки
- CVE-2026-23876
- SUSE Bug 1256962
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing <comment> tags before images are loaded. This can lead to DoS attack due to assertion failure (debug builds) or NULL pointer dereference (release builds). This issue is fixed in version 14.10.2.
Затронутые продукты
Ссылки
- CVE-2026-23952
- SUSE Bug 1257076