ImageMagick-7.1.2.13-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:10119-1 Final 1 1 2026-01-30T00:00:00Z current 2026-01-30T00:00:00Z 2026-01-30T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ImageMagick-7.1.2.13-2.1 on GA media These are all security issues fixed in the ImageMagick-7.1.2.13-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2026-10119 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2026-22770/ SUSE CVE CVE-2026-22770 page https://www.suse.com/security/cve/CVE-2026-23874/ SUSE CVE CVE-2026-23874 page https://www.suse.com/security/cve/CVE-2026-23876/ SUSE CVE CVE-2026-23876 page https://www.suse.com/security/cve/CVE-2026-23952/ SUSE CVE CVE-2026-23952 page openSUSE Tumbleweed ImageMagick-7.1.2.13-2.1 ImageMagick-config-7-SUSE-7.1.2.13-2.1 ImageMagick-devel-7.1.2.13-2.1 ImageMagick-devel-32bit-7.1.2.13-2.1 ImageMagick-doc-7.1.2.13-2.1 ImageMagick-extra-7.1.2.13-2.1 libMagick++-7_Q16HDRI5-7.1.2.13-2.1 libMagick++-7_Q16HDRI5-32bit-7.1.2.13-2.1 libMagick++-devel-7.1.2.13-2.1 libMagick++-devel-32bit-7.1.2.13-2.1 libMagickCore-7_Q16HDRI10-7.1.2.13-2.1 libMagickCore-7_Q16HDRI10-32bit-7.1.2.13-2.1 libMagickWand-7_Q16HDRI10-7.1.2.13-2.1 libMagickWand-7_Q16HDRI10-32bit-7.1.2.13-2.1 perl-PerlMagick-7.1.2.13-2.1 ImageMagick-7.1.2.13-2.1 as a component of openSUSE Tumbleweed ImageMagick-config-7-SUSE-7.1.2.13-2.1 as a component of openSUSE Tumbleweed ImageMagick-devel-7.1.2.13-2.1 as a component of openSUSE Tumbleweed ImageMagick-devel-32bit-7.1.2.13-2.1 as a component of openSUSE Tumbleweed ImageMagick-doc-7.1.2.13-2.1 as a component of openSUSE Tumbleweed ImageMagick-extra-7.1.2.13-2.1 as a component of openSUSE Tumbleweed libMagick++-7_Q16HDRI5-7.1.2.13-2.1 as a component of openSUSE Tumbleweed libMagick++-7_Q16HDRI5-32bit-7.1.2.13-2.1 as a component of openSUSE Tumbleweed libMagick++-devel-7.1.2.13-2.1 as a component of openSUSE Tumbleweed libMagick++-devel-32bit-7.1.2.13-2.1 as a component of openSUSE Tumbleweed libMagickCore-7_Q16HDRI10-7.1.2.13-2.1 as a component of openSUSE Tumbleweed libMagickCore-7_Q16HDRI10-32bit-7.1.2.13-2.1 as a component of openSUSE Tumbleweed libMagickWand-7_Q16HDRI10-7.1.2.13-2.1 as a component of openSUSE Tumbleweed libMagickWand-7_Q16HDRI10-32bit-7.1.2.13-2.1 as a component of openSUSE Tumbleweed perl-PerlMagick-7.1.2.13-2.1 as a component of openSUSE Tumbleweed ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails. Version 7.1.2-13 contains a patch for the issue. CVE-2026-22770 openSUSE Tumbleweed:ImageMagick-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.2.13-2.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.13-2.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:libMagick++-devel-7.1.2.13-2.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.13-2.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.13-2.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.2.13-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-22770.html CVE-2026-22770 https://bugzilla.suse.com/1256969 SUSE Bug 1256969 ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `<write>` command when writing to MSL format. Version 7.1.2-13 fixes the issue. CVE-2026-23874 openSUSE Tumbleweed:ImageMagick-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.2.13-2.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.13-2.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:libMagick++-devel-7.1.2.13-2.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.13-2.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.13-2.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.2.13-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-23874.html CVE-2026-23874 https://bugzilla.suse.com/1256976 SUSE Bug 1256976 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when processing a maliciously crafted image file. Any operation that reads or identifies an image can trigger the overflow, making it exploitable via common image upload and processing pipelines. Versions 7.1.2-13 and 6.9.13-38 fix the issue. CVE-2026-23876 openSUSE Tumbleweed:ImageMagick-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.2.13-2.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.13-2.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:libMagick++-devel-7.1.2.13-2.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.13-2.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.13-2.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.2.13-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-23876.html CVE-2026-23876 https://bugzilla.suse.com/1256962 SUSE Bug 1256962 ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing <comment> tags before images are loaded. This can lead to DoS attack due to assertion failure (debug builds) or NULL pointer dereference (release builds). This issue is fixed in version 14.10.2. CVE-2026-23952 openSUSE Tumbleweed:ImageMagick-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.2.13-2.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.2.13-2.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.13-2.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:libMagick++-devel-7.1.2.13-2.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.13-2.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.13-2.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.13-2.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.2.13-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-23952.html CVE-2026-23952 https://bugzilla.suse.com/1257076 SUSE Bug 1257076