Security update for ImageMagick SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0854-1 Final 1 1 2026-03-09T15:34:51Z current 2026-03-09T15:34:51Z 2026-03-09T15:34:51Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ImageMagick This update for ImageMagick fixes the following issues: - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790). - CVE-2026-24485: denial of service via malformed PCD file processing (bsc#1258791). - CVE-2026-25576: Out of bounds read in multiple coders that read raw pixel data (bsc#1258748). - CVE-2026-25795: Denial of Service due to NULL pointer dereference during temporary file creation failure (bsc#1258792). - CVE-2026-25796: Memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths (bsc#1258757). - CVE-2026-25797: Code injection in various encoders (bsc#1258770). - CVE-2026-25799: Division-by-Zero in YUV sampling factor validation leads to crash (bsc#1258786). - CVE-2026-25966: Security Policy Bypass through config/policy-secure.xml via 'fd handler' leads to stdin/stdout access (bsc#1258780). - CVE-2026-25983: Denial of service via crafted MSL script (bsc#1258805). - CVE-2026-25987: Memory disclosure and denial of service via crafted MAP files (bsc#1258821). - CVE-2026-25988: Denial of Service due to memory leak in image processing (bsc#1258810). - CVE-2026-26066: Infinite loop when writing IPTCTEXT leads to denial of service via crafted profile (bsc#1258769). - CVE-2026-26284: Heap overflow in pcd decoder leads to out of bounds read (bsc#1258765). - CVE-2026-26983: Invalid MSL <map> can result in a use after free (bsc#1258763). - CVE-2026-27799: ImageMagick has a heap Buffer Over-read in its DJVU image format handler (bsc#1259017). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-854,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-854 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260854-1/ Link for SUSE-SU-2026:0854-1 https://lists.suse.com/pipermail/sle-security-updates/2026-March/024662.html E-Mail link for SUSE-SU-2026:0854-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1258748 SUSE Bug 1258748 https://bugzilla.suse.com/1258757 SUSE Bug 1258757 https://bugzilla.suse.com/1258763 SUSE Bug 1258763 https://bugzilla.suse.com/1258765 SUSE Bug 1258765 https://bugzilla.suse.com/1258769 SUSE Bug 1258769 https://bugzilla.suse.com/1258770 SUSE Bug 1258770 https://bugzilla.suse.com/1258780 SUSE Bug 1258780 https://bugzilla.suse.com/1258786 SUSE Bug 1258786 https://bugzilla.suse.com/1258790 SUSE Bug 1258790 https://bugzilla.suse.com/1258791 SUSE Bug 1258791 https://bugzilla.suse.com/1258792 SUSE Bug 1258792 https://bugzilla.suse.com/1258805 SUSE Bug 1258805 https://bugzilla.suse.com/1258810 SUSE Bug 1258810 https://bugzilla.suse.com/1258821 SUSE Bug 1258821 https://bugzilla.suse.com/1259017 SUSE Bug 1259017 https://www.suse.com/security/cve/CVE-2026-24484/ SUSE CVE CVE-2026-24484 page https://www.suse.com/security/cve/CVE-2026-24485/ SUSE CVE CVE-2026-24485 page https://www.suse.com/security/cve/CVE-2026-25576/ SUSE CVE CVE-2026-25576 page https://www.suse.com/security/cve/CVE-2026-25795/ SUSE CVE CVE-2026-25795 page https://www.suse.com/security/cve/CVE-2026-25796/ SUSE CVE CVE-2026-25796 page https://www.suse.com/security/cve/CVE-2026-25797/ SUSE CVE CVE-2026-25797 page https://www.suse.com/security/cve/CVE-2026-25799/ SUSE CVE CVE-2026-25799 page https://www.suse.com/security/cve/CVE-2026-25966/ SUSE CVE CVE-2026-25966 page https://www.suse.com/security/cve/CVE-2026-25983/ SUSE CVE CVE-2026-25983 page https://www.suse.com/security/cve/CVE-2026-25987/ SUSE CVE CVE-2026-25987 page https://www.suse.com/security/cve/CVE-2026-25988/ SUSE CVE CVE-2026-25988 page https://www.suse.com/security/cve/CVE-2026-26066/ SUSE CVE CVE-2026-26066 page https://www.suse.com/security/cve/CVE-2026-26284/ SUSE CVE CVE-2026-26284 page https://www.suse.com/security/cve/CVE-2026-26983/ SUSE CVE CVE-2026-26983 page https://www.suse.com/security/cve/CVE-2026-27799/ SUSE CVE CVE-2026-27799 page SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 ImageMagick-6.8.8.1-71.231.1 ImageMagick-config-6-SUSE-6.8.8.1-71.231.1 ImageMagick-config-6-upstream-6.8.8.1-71.231.1 ImageMagick-devel-6.8.8.1-71.231.1 ImageMagick-devel-32bit-6.8.8.1-71.231.1 ImageMagick-devel-64bit-6.8.8.1-71.231.1 ImageMagick-doc-6.8.8.1-71.231.1 ImageMagick-extra-6.8.8.1-71.231.1 libMagick++-6_Q16-3-6.8.8.1-71.231.1 libMagick++-6_Q16-3-32bit-6.8.8.1-71.231.1 libMagick++-6_Q16-3-64bit-6.8.8.1-71.231.1 libMagick++-devel-6.8.8.1-71.231.1 libMagick++-devel-32bit-6.8.8.1-71.231.1 libMagick++-devel-64bit-6.8.8.1-71.231.1 libMagickCore-6_Q16-1-6.8.8.1-71.231.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.231.1 libMagickCore-6_Q16-1-64bit-6.8.8.1-71.231.1 libMagickWand-6_Q16-1-6.8.8.1-71.231.1 libMagickWand-6_Q16-1-32bit-6.8.8.1-71.231.1 libMagickWand-6_Q16-1-64bit-6.8.8.1-71.231.1 perl-PerlMagick-6.8.8.1-71.231.1 ImageMagick-config-6-SUSE-6.8.8.1-71.231.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 ImageMagick-config-6-upstream-6.8.8.1-71.231.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 ImageMagick-devel-6.8.8.1-71.231.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libMagick++-devel-6.8.8.1-71.231.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libMagickCore-6_Q16-1-6.8.8.1-71.231.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libMagickWand-6_Q16-1-6.8.8.1-71.231.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch. CVE-2026-24484 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagick++-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.231.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260854-1/ https://www.suse.com/security/cve/CVE-2026-24484.html CVE-2026-24484 https://bugzilla.suse.com/1258790 SUSE Bug 1258790 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch. CVE-2026-24485 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagick++-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.231.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260854-1/ https://www.suse.com/security/cve/CVE-2026-24485.html CVE-2026-24485 https://bugzilla.suse.com/1258791 SUSE Bug 1258791 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larger than -size dimensions, causing out-of-bounds memory reads from a heap-allocated buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch. CVE-2026-25576 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagick++-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.231.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260854-1/ https://www.suse.com/security/cve/CVE-2026-25576.html CVE-2026-25576 https://bugzilla.suse.com/1258748 SUSE Bug 1258748 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch. CVE-2026-25795 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagick++-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.231.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260854-1/ https://www.suse.com/security/cve/CVE-2026-25795.html CVE-2026-25795 https://bugzilla.suse.com/1258792 SUSE Bug 1258792 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch. CVE-2026-25796 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagick++-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.231.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260854-1/ https://www.suse.com/security/cve/CVE-2026-25796.html CVE-2026-25796 https://bugzilla.suse.com/1258757 SUSE Bug 1258757 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a malicous file and inject arbitrary PostScript code. When the resulting file is processed by a printer or a viewer (like Ghostscript), the injected code is interpreted and executed. The html encoder does not properly escape strings that are written to in the html document. An attacker can provide a malicious file and injection arbitrary html code. Versions 7.1.2-15 and 6.9.13-40 contain a patch. CVE-2026-25797 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagick++-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.231.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260854-1/ https://www.suse.com/security/cve/CVE-2026-25797.html CVE-2026-25797 https://bugzilla.suse.com/1258770 SUSE Bug 1258770 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. Versions 7.1.2-15 and 6.9.13-40 contain a patch. CVE-2026-25799 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagick++-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.231.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260854-1/ https://www.suse.com/security/cve/CVE-2026-25799.html CVE-2026-25799 https://bugzilla.suse.com/1258786 SUSE Bug 1258786 ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd:<n> pseudo-filenames (e.g., fd:0, fd:1). Prior to versions 7.1.2-15 and 6.9.13-40, this path form is not blocked by the secure policy templates, and therefore bypasses the protection goal of "no stdin/stdout." Versions 7.1.2-15 and 6.9.13-40 contain a patch by including a change to the more secure policies by default. As a workaround, add the change to one's security policy manually. CVE-2026-25966 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagick++-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.231.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260854-1/ https://www.suse.com/security/cve/CVE-2026-25966.html CVE-2026-25966 https://bugzilla.suse.com/1258780 SUSE Bug 1258780 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch. CVE-2026-25983 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagick++-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.231.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260854-1/ https://www.suse.com/security/cve/CVE-2026-25983.html CVE-2026-25983 https://bugzilla.suse.com/1258805 SUSE Bug 1258805 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. Versions 7.1.2-15 and 6.9.13-40 contain a patch. CVE-2026-25987 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagick++-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.231.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260854-1/ https://www.suse.com/security/cve/CVE-2026-25987.html CVE-2026-25987 https://bugzilla.suse.com/1258821 SUSE Bug 1258821 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1.2-15 and 6.9.13-40 contain a patch. CVE-2026-25988 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagick++-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.231.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260854-1/ https://www.suse.com/security/cve/CVE-2026-25988.html CVE-2026-25988 https://bugzilla.suse.com/1258810 SUSE Bug 1258810 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2-15 and 6.9.13-40 contain a patch. CVE-2026-26066 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagick++-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.231.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260854-1/ https://www.suse.com/security/cve/CVE-2026-26066.html CVE-2026-26066 https://bugzilla.suse.com/1258769 SUSE Bug 1258769 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read. Versions 7.1.2-15 and 6.9.13-40 contain a patch. CVE-2026-26284 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagick++-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.231.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260854-1/ https://www.suse.com/security/cve/CVE-2026-26284.html CVE-2026-26284 https://bugzilla.suse.com/1258765 SUSE Bug 1258765 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `<map>` element that causes it to use an image after it has been freed. Versions 7.1.2-15 and 6.9.13-40 contain a patch. CVE-2026-26983 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagick++-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.231.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260854-1/ https://www.suse.com/security/cve/CVE-2026-26983.html CVE-2026-26983 https://bugzilla.suse.com/1258763 SUSE Bug 1258763 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch. CVE-2026-27799 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ImageMagick-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagick++-devel-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.231.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.231.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260854-1/ https://www.suse.com/security/cve/CVE-2026-27799.html CVE-2026-27799 https://bugzilla.suse.com/1259017 SUSE Bug 1259017