Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
- CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790).
- CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write (bsc#1259446).
- CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow (bsc#1259447).
- CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow (bsc#1259448).
- CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450).
- CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451).
- CVE-2026-28689:
domain="path"authorization is checked before final file open/use and allows for read/write bypass via symlink swaps (bsc#1259452). - CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456).
- CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference (bsc#1259455).
- CVE-2026-28692: 32-bit integer overflow in MAT decoder can lead to a heap buffer over-read (bsc#1259457).
- CVE-2026-28693: integer overflow in the DIB coder can lead to an out-of-bounds read or write (bsc#1259466).
- CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467).
- CVE-2026-30929: improper use of fixed-size stack buffer in
MagnifyImagecan lead to a stack buffer overflow (bsc#1259468). - CVE-2026-30931: value truncation in the UHDR encoder can lead to a heap buffer overflow (bsc#1259469).
- CVE-2026-30935: heap-based buffer over-read in BilateralBlurImage (bsc#1259497).
- CVE-2026-30936: heap Buffer Overflow in WaveletDenoiseImage (bsc#1259464).
- CVE-2026-30937: heap buffer overflow in XWD encoder due to CARD32 arithmetic overflow (bsc#1259463).
- CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit systems when processing extremely large images (bsc#1259528).
Список пакетов
openSUSE Leap 16.0
Ссылки
- SUSE Security Ratings
- SUSE Bug 1258790
- SUSE Bug 1259446
- SUSE Bug 1259447
- SUSE Bug 1259448
- SUSE Bug 1259450
- SUSE Bug 1259451
- SUSE Bug 1259452
- SUSE Bug 1259455
- SUSE Bug 1259456
- SUSE Bug 1259457
- SUSE Bug 1259463
- SUSE Bug 1259464
- SUSE Bug 1259466
- SUSE Bug 1259467
- SUSE Bug 1259468
- SUSE Bug 1259469
- SUSE Bug 1259497
- SUSE Bug 1259528
- SUSE CVE CVE-2026-24484 page
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Затронутые продукты
Ссылки
- CVE-2026-24484
- SUSE Bug 1258790
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted image. This vulnerability is fixed in 7.1.2-16.
Затронутые продукты
Ссылки
- CVE-2026-28493
- SUSE Bug 1259446
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Затронутые продукты
Ссылки
- CVE-2026-28494
- SUSE Bug 1259447
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, A heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Затронутые продукты
Ссылки
- CVE-2026-28686
- SUSE Bug 1259448
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Затронутые продукты
Ссылки
- CVE-2026-28687
- SUSE Bug 1259450
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Затронутые продукты
Ссылки
- CVE-2026-28688
- SUSE Bug 1259451
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Затронутые продукты
Ссылки
- CVE-2026-28689
- SUSE Bug 1259452
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Затронутые продукты
Ссылки
- CVE-2026-28690
- SUSE Bug 1259456
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Затронутые продукты
Ссылки
- CVE-2026-28691
- SUSE Bug 1259455
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Затронутые продукты
Ссылки
- CVE-2026-28692
- SUSE Bug 1259457
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Затронутые продукты
Ссылки
- CVE-2026-28693
- SUSE Bug 1259466
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Затронутые продукты
Ссылки
- CVE-2026-30883
- SUSE Bug 1259467
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Затронутые продукты
Ссылки
- CVE-2026-30929
- SUSE Bug 1259468
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, a heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write. This vulnerability is fixed in 7.1.2-16.
Затронутые продукты
Ссылки
- CVE-2026-30931
- SUSE Bug 1259469
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the -bilateral-blur operation an out of bounds read can occur. This vulnerability is fixed in 7.1.2-16.
Затронутые продукты
Ссылки
- CVE-2026-30935
- SUSE Bug 1259497
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Затронутые продукты
Ссылки
- CVE-2026-30936
- SUSE Bug 1259464
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Затронутые продукты
Ссылки
- CVE-2026-30937
- SUSE Bug 1259463
Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Затронутые продукты
Ссылки
- CVE-2026-31853
- SUSE Bug 1259528