ImageMagick-7.1.2.2-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15498-1 Final 1 1 2025-08-28T00:00:00Z current 2025-08-28T00:00:00Z 2025-08-28T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ImageMagick-7.1.2.2-2.1 on GA media These are all security issues fixed in the ImageMagick-7.1.2.2-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15498 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-55212/ SUSE CVE CVE-2025-55212 page https://www.suse.com/security/cve/CVE-2025-55298/ SUSE CVE CVE-2025-55298 page https://www.suse.com/security/cve/CVE-2025-57803/ SUSE CVE CVE-2025-57803 page openSUSE Tumbleweed ImageMagick-7.1.2.2-2.1 ImageMagick-config-7-SUSE-7.1.2.2-2.1 ImageMagick-devel-7.1.2.2-2.1 ImageMagick-devel-32bit-7.1.2.2-2.1 ImageMagick-doc-7.1.2.2-2.1 ImageMagick-extra-7.1.2.2-2.1 libMagick++-7_Q16HDRI5-7.1.2.2-2.1 libMagick++-7_Q16HDRI5-32bit-7.1.2.2-2.1 libMagick++-devel-7.1.2.2-2.1 libMagick++-devel-32bit-7.1.2.2-2.1 libMagickCore-7_Q16HDRI10-7.1.2.2-2.1 libMagickCore-7_Q16HDRI10-32bit-7.1.2.2-2.1 libMagickWand-7_Q16HDRI10-7.1.2.2-2.1 libMagickWand-7_Q16HDRI10-32bit-7.1.2.2-2.1 perl-PerlMagick-7.1.2.2-2.1 ImageMagick-7.1.2.2-2.1 as a component of openSUSE Tumbleweed ImageMagick-config-7-SUSE-7.1.2.2-2.1 as a component of openSUSE Tumbleweed ImageMagick-devel-7.1.2.2-2.1 as a component of openSUSE Tumbleweed ImageMagick-devel-32bit-7.1.2.2-2.1 as a component of openSUSE Tumbleweed ImageMagick-doc-7.1.2.2-2.1 as a component of openSUSE Tumbleweed ImageMagick-extra-7.1.2.2-2.1 as a component of openSUSE Tumbleweed libMagick++-7_Q16HDRI5-7.1.2.2-2.1 as a component of openSUSE Tumbleweed libMagick++-7_Q16HDRI5-32bit-7.1.2.2-2.1 as a component of openSUSE Tumbleweed libMagick++-devel-7.1.2.2-2.1 as a component of openSUSE Tumbleweed libMagick++-devel-32bit-7.1.2.2-2.1 as a component of openSUSE Tumbleweed libMagickCore-7_Q16HDRI10-7.1.2.2-2.1 as a component of openSUSE Tumbleweed libMagickCore-7_Q16HDRI10-32bit-7.1.2.2-2.1 as a component of openSUSE Tumbleweed libMagickWand-7_Q16HDRI10-7.1.2.2-2.1 as a component of openSUSE Tumbleweed libMagickWand-7_Q16HDRI10-32bit-7.1.2.2-2.1 as a component of openSUSE Tumbleweed perl-PerlMagick-7.1.2.2-2.1 as a component of openSUSE Tumbleweed ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage() divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. This issue has been patched in versions 6.9.13-28 and 7.1.2-2. CVE-2025-55212 openSUSE Tumbleweed:ImageMagick-7.1.2.2-2.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.2-2.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.2-2.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.2.2-2.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.2.2-2.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.2.2-2.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.2-2.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.2-2.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.2-2.1 openSUSE Tumbleweed:libMagick++-devel-7.1.2.2-2.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.2-2.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.2-2.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.2-2.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.2-2.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.2.2-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-55212.html CVE-2025-55212 https://bugzilla.suse.com/1248767 SUSE Bug 1248767 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2. CVE-2025-55298 openSUSE Tumbleweed:ImageMagick-7.1.2.2-2.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.2-2.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.2-2.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.2.2-2.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.2.2-2.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.2.2-2.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.2-2.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.2-2.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.2-2.1 openSUSE Tumbleweed:libMagick++-devel-7.1.2.2-2.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.2-2.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.2-2.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.2-2.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.2-2.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.2.2-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-55298.html CVE-2025-55298 https://bugzilla.suse.com/1248780 SUSE Bug 1248780 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder's scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row writer still emits 3 x width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. This issue has been patched in versions 6.9.13-28 and 7.1.2-2. CVE-2025-57803 openSUSE Tumbleweed:ImageMagick-7.1.2.2-2.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.2-2.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.2-2.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.2.2-2.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.2.2-2.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.2.2-2.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.2-2.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.2-2.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.2-2.1 openSUSE Tumbleweed:libMagick++-devel-7.1.2.2-2.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.2-2.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.2-2.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.2-2.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.2-2.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.2.2-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-57803.html CVE-2025-57803 https://bugzilla.suse.com/1248784 SUSE Bug 1248784