SUSE-SU-2026:1598-1
- Source
- https://www.suse.com/support/update/announcement/2026/suse-su-20261598-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1598-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2026:1598-1
- Upstream
- Related
- Published
- 2026-04-24T11:44:43Z
- Modified
- 2026-04-25T07:45:38.876454Z
- Summary
- Security update for ImageMagick
- Details
-
This update for ImageMagick fixes the following issues:
- CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing (bsc#1262154).
- CVE-2026-33900: Denial of Service via integer truncation in viff encoder (bsc#1262156).
- CVE-2026-33901: Denial of Service due to heap buffer overflow in MVG decoder (bsc#1262155).
- CVE-2026-33902: Denial of Service via deeply nested expression in FX parser (bsc#1262153).
- CVE-2026-33905: Denial of service via out-of-bounds read in -sample operation (bsc#1262097).
- CVE-2026-33908: Denial of Service via deeply nested XML file processing (bsc#1262152).
- CVE-2026-34238: Denial of Service via integer overflow in despeckle operation (bsc#1262147).
- CVE-2026-40169: Denial of Service via crafted image leading to out-of-bounds write (bsc#1262150).
- CVE-2026-40183: Denial of Service via heap write overflow in JXL encoder (bsc#1262145).
- CVE-2026-40310: Denial of service via heap out-of-bounds write in JP2 encoder (bsc#1262148).
- CVE-2026-40311: Denial of Service via heap use-after-free in XMP profile processing (bsc#1262146).
- CVE-2026-40312: Denial of Service via malicious MSL file processing (bsc#1262149).
- References
-
- https://www.suse.com/support/update/announcement/2026/suse-su-20261598-1/
- https://bugzilla.suse.com/1262097
- https://bugzilla.suse.com/1262145
- https://bugzilla.suse.com/1262146
- https://bugzilla.suse.com/1262147
- https://bugzilla.suse.com/1262148
- https://bugzilla.suse.com/1262149
- https://bugzilla.suse.com/1262150
- https://bugzilla.suse.com/1262152
- https://bugzilla.suse.com/1262153
- https://bugzilla.suse.com/1262154
- https://bugzilla.suse.com/1262155
- https://bugzilla.suse.com/1262156
- https://www.suse.com/security/cve/CVE-2026-33899
- https://www.suse.com/security/cve/CVE-2026-33900
- https://www.suse.com/security/cve/CVE-2026-33901
- https://www.suse.com/security/cve/CVE-2026-33902
- https://www.suse.com/security/cve/CVE-2026-33905
- https://www.suse.com/security/cve/CVE-2026-33908
- https://www.suse.com/security/cve/CVE-2026-34238
- https://www.suse.com/security/cve/CVE-2026-40169
- https://www.suse.com/security/cve/CVE-2026-40183
- https://www.suse.com/security/cve/CVE-2026-40310
- https://www.suse.com/security/cve/CVE-2026-40311
- https://www.suse.com/security/cve/CVE-2026-40312
Affected packages
SUSE:Linux Enterprise Module for Desktop Applications 15 SP7
ImageMagick
Package
- Name
- ImageMagick
- Purl
- pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.1.1.43-150700.3.47.1
Ecosystem specific
{
"binaries": [
{
"libMagickCore-7_Q16HDRI10": "7.1.1.43-150700.3.47.1",
"ImageMagick-devel": "7.1.1.43-150700.3.47.1",
"ImageMagick-config-7-upstream-websafe": "7.1.1.43-150700.3.47.1",
"ImageMagick-config-7-upstream-secure": "7.1.1.43-150700.3.47.1",
"ImageMagick": "7.1.1.43-150700.3.47.1",
"libMagickWand-7_Q16HDRI10": "7.1.1.43-150700.3.47.1",
"ImageMagick-config-7-upstream-open": "7.1.1.43-150700.3.47.1",
"libMagick++-devel": "7.1.1.43-150700.3.47.1",
"ImageMagick-config-7-SUSE": "7.1.1.43-150700.3.47.1",
"ImageMagick-config-7-upstream-limited": "7.1.1.43-150700.3.47.1",
"libMagick++-7_Q16HDRI5": "7.1.1.43-150700.3.47.1"
}
]
}