SUSE-SU-2026:0854-1
- Source
- https://www.suse.com/support/update/announcement/2026/suse-su-20260854-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0854-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2026:0854-1
- Upstream
- Related
- Published
- 2026-03-09T15:34:51Z
- Modified
- 2026-03-11T07:38:24.416036Z
- Summary
- Security update for ImageMagick
- Details
-
This update for ImageMagick fixes the following issues:
- CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790).
- CVE-2026-24485: denial of service via malformed PCD file processing (bsc#1258791).
- CVE-2026-25576: Out of bounds read in multiple coders that read raw pixel data (bsc#1258748).
- CVE-2026-25795: Denial of Service due to NULL pointer dereference during temporary file creation failure (bsc#1258792).
- CVE-2026-25796: Memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths (bsc#1258757).
- CVE-2026-25797: Code injection in various encoders (bsc#1258770).
- CVE-2026-25799: Division-by-Zero in YUV sampling factor validation leads to crash (bsc#1258786).
- CVE-2026-25966: Security Policy Bypass through config/policy-secure.xml via 'fd handler' leads to stdin/stdout access (bsc#1258780).
- CVE-2026-25983: Denial of service via crafted MSL script (bsc#1258805).
- CVE-2026-25987: Memory disclosure and denial of service via crafted MAP files (bsc#1258821).
- CVE-2026-25988: Denial of Service due to memory leak in image processing (bsc#1258810).
- CVE-2026-26066: Infinite loop when writing IPTCTEXT leads to denial of service via crafted profile (bsc#1258769).
- CVE-2026-26284: Heap overflow in pcd decoder leads to out of bounds read (bsc#1258765).
- CVE-2026-26983: Invalid MSL <map> can result in a use after free (bsc#1258763).
- CVE-2026-27799: ImageMagick has a heap Buffer Over-read in its DJVU image format handler (bsc#1259017).
- References
-
- https://www.suse.com/support/update/announcement/2026/suse-su-20260854-1/
- https://bugzilla.suse.com/1258748
- https://bugzilla.suse.com/1258757
- https://bugzilla.suse.com/1258763
- https://bugzilla.suse.com/1258765
- https://bugzilla.suse.com/1258769
- https://bugzilla.suse.com/1258770
- https://bugzilla.suse.com/1258780
- https://bugzilla.suse.com/1258786
- https://bugzilla.suse.com/1258790
- https://bugzilla.suse.com/1258791
- https://bugzilla.suse.com/1258792
- https://bugzilla.suse.com/1258805
- https://bugzilla.suse.com/1258810
- https://bugzilla.suse.com/1258821
- https://bugzilla.suse.com/1259017
- https://www.suse.com/security/cve/CVE-2026-24484
- https://www.suse.com/security/cve/CVE-2026-24485
- https://www.suse.com/security/cve/CVE-2026-25576
- https://www.suse.com/security/cve/CVE-2026-25795
- https://www.suse.com/security/cve/CVE-2026-25796
- https://www.suse.com/security/cve/CVE-2026-25797
- https://www.suse.com/security/cve/CVE-2026-25799
- https://www.suse.com/security/cve/CVE-2026-25966
- https://www.suse.com/security/cve/CVE-2026-25983
- https://www.suse.com/security/cve/CVE-2026-25987
- https://www.suse.com/security/cve/CVE-2026-25988
- https://www.suse.com/security/cve/CVE-2026-26066
- https://www.suse.com/security/cve/CVE-2026-26284
- https://www.suse.com/security/cve/CVE-2026-26983
- https://www.suse.com/security/cve/CVE-2026-27799
Affected packages
SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / ImageMagick
Package
- Name
- ImageMagick
- Purl
- pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.8.8.1-71.231.1
Ecosystem specific
{
"binaries": [
{
"libMagickWand-6_Q16-1": "6.8.8.1-71.231.1",
"libMagickCore-6_Q16-1": "6.8.8.1-71.231.1",
"ImageMagick-devel": "6.8.8.1-71.231.1",
"ImageMagick-config-6-SUSE": "6.8.8.1-71.231.1",
"libMagick++-devel": "6.8.8.1-71.231.1",
"ImageMagick-config-6-upstream": "6.8.8.1-71.231.1"
}
]
}