{"affected":[{"ecosystem_specific":{"binaries":[{"ImageMagick":"7.1.1.21-150600.3.42.2","ImageMagick-config-7-SUSE":"7.1.1.21-150600.3.42.2","ImageMagick-config-7-upstream-limited":"7.1.1.21-150600.3.42.2","ImageMagick-config-7-upstream-open":"7.1.1.21-150600.3.42.2","ImageMagick-config-7-upstream-secure":"7.1.1.21-150600.3.42.2","ImageMagick-config-7-upstream-websafe":"7.1.1.21-150600.3.42.2","ImageMagick-devel":"7.1.1.21-150600.3.42.2","libMagick++-7_Q16HDRI5":"7.1.1.21-150600.3.42.2","libMagick++-devel":"7.1.1.21-150600.3.42.2","libMagickCore-7_Q16HDRI10":"7.1.1.21-150600.3.42.2","libMagickWand-7_Q16HDRI10":"7.1.1.21-150600.3.42.2","perl-PerlMagick":"7.1.1.21-150600.3.42.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP6-LTSS","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.1.1.21-150600.3.42.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ImageMagick":"7.1.1.21-150600.3.42.2","ImageMagick-config-7-SUSE":"7.1.1.21-150600.3.42.2","ImageMagick-config-7-upstream-limited":"7.1.1.21-150600.3.42.2","ImageMagick-config-7-upstream-open":"7.1.1.21-150600.3.42.2","ImageMagick-config-7-upstream-secure":"7.1.1.21-150600.3.42.2","ImageMagick-config-7-upstream-websafe":"7.1.1.21-150600.3.42.2","ImageMagick-devel":"7.1.1.21-150600.3.42.2","libMagick++-7_Q16HDRI5":"7.1.1.21-150600.3.42.2","libMagick++-devel":"7.1.1.21-150600.3.42.2","libMagickCore-7_Q16HDRI10":"7.1.1.21-150600.3.42.2","libMagickWand-7_Q16HDRI10":"7.1.1.21-150600.3.42.2","perl-PerlMagick":"7.1.1.21-150600.3.42.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP6","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.1.1.21-150600.3.42.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ImageMagick":"7.1.1.21-150600.3.42.2","ImageMagick-config-7-SUSE":"7.1.1.21-150600.3.42.2","ImageMagick-config-7-upstream-limited":"7.1.1.21-150600.3.42.2","ImageMagick-config-7-upstream-open":"7.1.1.21-150600.3.42.2","ImageMagick-config-7-upstream-secure":"7.1.1.21-150600.3.42.2","ImageMagick-config-7-upstream-websafe":"7.1.1.21-150600.3.42.2","ImageMagick-devel":"7.1.1.21-150600.3.42.2","ImageMagick-devel-32bit":"7.1.1.21-150600.3.42.2","ImageMagick-doc":"7.1.1.21-150600.3.42.2","ImageMagick-extra":"7.1.1.21-150600.3.42.2","libMagick++-7_Q16HDRI5":"7.1.1.21-150600.3.42.2","libMagick++-7_Q16HDRI5-32bit":"7.1.1.21-150600.3.42.2","libMagick++-devel":"7.1.1.21-150600.3.42.2","libMagick++-devel-32bit":"7.1.1.21-150600.3.42.2","libMagickCore-7_Q16HDRI10":"7.1.1.21-150600.3.42.2","libMagickCore-7_Q16HDRI10-32bit":"7.1.1.21-150600.3.42.2","libMagickWand-7_Q16HDRI10":"7.1.1.21-150600.3.42.2","libMagickWand-7_Q16HDRI10-32bit":"7.1.1.21-150600.3.42.2","perl-PerlMagick":"7.1.1.21-150600.3.42.2"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"ImageMagick","purl":"pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.1.1.21-150600.3.42.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ImageMagick fixes the following issues:\n\n- CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression (bsc#1258743).\n- CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790).\n- CVE-2026-24485: denial of service via malformed PCD file processing (bsc#1258791).\n- CVE-2026-25576: Out of bounds read in multiple coders that read raw pixel data (bsc#1258748).\n- CVE-2026-25637: Denial of Service via crafted image due to memory leak (bsc#1258759).\n- CVE-2026-25638: Denial of Service due to memory leak in image processing (bsc#1258793).\n- CVE-2026-25795: Denial of Service due to NULL pointer dereference during temporary file creation failure\n  (bsc#1258792).\n- CVE-2026-25796: Memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths\n  (bsc#1258757).\n- CVE-2026-25797: Code injection in various encoders (bsc#1258770).\n- CVE-2026-25798: NULL Pointer Dereference in ClonePixelCacheRepository via crafted image (bsc#1258787).\n- CVE-2026-25799: Division-by-Zero in YUV sampling factor validation leads to crash (bsc#1258786).\n- CVE-2026-25897: Out-of-bounds heap write via integer overflow in sun decoder (bsc#1258799).\n- CVE-2026-25898: Information disclosure or denial of service via crafted image with invalid pixel index (bsc#1258807).\n- CVE-2026-25965: Policy bypass through path traversal allows reading restricted content despite secured policy\n  (bsc#1258785).\n- CVE-2026-25966: Security Policy Bypass through config/policy-secure.xml via 'fd handler' leads to stdin/stdout access\n  (bsc#1258780).\n- CVE-2026-25967: Stack buffer overflow in FTXT reader via oversized integer field (bsc#1258779).\n- CVE-2026-25968: MSL attribute stack buffer overflow leads to out of bounds write (bsc#1258776).\n- CVE-2026-25969: Memory Leak in coders/ashlar.c (bsc#1258775).\n- CVE-2026-25970: Memory corruption and denial of service via signed integer overflow in SIXEL decoder (bsc#1258802).\n- CVE-2026-25971: MSL: Stack overflow in ProcessMSLScript (bsc#1258774).\n- CVE-2026-25983: Denial of service via crafted MSL script (bsc#1258805).\n- CVE-2026-25985: Memory allocation with excessive without limits in the internal SVG decoder (bsc#1258812).\n- CVE-2026-25986: Denial of Service via malicious YUV image processing (bsc#1258818).\n- CVE-2026-25987: Memory disclosure and denial of service via crafted MAP files (bsc#1258821).\n- CVE-2026-25988: Denial of Service due to memory leak in image processing (bsc#1258810).\n- CVE-2026-25989: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG\n  decoder (bsc#1258771).\n- CVE-2026-26066: Infinite loop when writing IPTCTEXT leads to denial of service via crafted profile (bsc#1258769).\n- CVE-2026-26284: Heap overflow in pcd decoder leads to out of bounds read (bsc#1258765).\n- CVE-2026-26983: Invalid MSL <map> can result in a use after free (bsc#1258763).\n- CVE-2026-27798: Heap Buffer Over-read in WaveletDenoise when processing small images (bsc#1259018).\n- CVE-2026-27799: ImageMagick has a heap Buffer Over-read in its DJVU image format handler (bsc#1259017).\n","id":"SUSE-SU-2026:0852-1","modified":"2026-03-09T15:32:56Z","published":"2026-03-09T15:32:56Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20260852-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258743"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258748"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258757"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258759"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258763"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258765"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258769"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258770"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258771"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258774"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258775"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258776"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258779"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258780"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258785"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258786"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258787"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258790"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258791"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258792"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258793"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258799"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258802"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258805"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258807"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258810"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258812"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258818"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258821"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259017"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259018"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-24481"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-24484"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-24485"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25576"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25637"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25638"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25795"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25796"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25797"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25798"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25799"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25897"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25898"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25965"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25966"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25967"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25968"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25969"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25970"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25971"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25983"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25985"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25986"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25987"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25988"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25989"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-26066"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-26284"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-26983"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-27798"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-27799"}],"related":["CVE-2026-24481","CVE-2026-24484","CVE-2026-24485","CVE-2026-25576","CVE-2026-25637","CVE-2026-25638","CVE-2026-25795","CVE-2026-25796","CVE-2026-25797","CVE-2026-25798","CVE-2026-25799","CVE-2026-25897","CVE-2026-25898","CVE-2026-25965","CVE-2026-25966","CVE-2026-25967","CVE-2026-25968","CVE-2026-25969","CVE-2026-25970","CVE-2026-25971","CVE-2026-25983","CVE-2026-25985","CVE-2026-25986","CVE-2026-25987","CVE-2026-25988","CVE-2026-25989","CVE-2026-26066","CVE-2026-26284","CVE-2026-26983","CVE-2026-27798","CVE-2026-27799"],"summary":"Security update for ImageMagick","upstream":["CVE-2026-24481","CVE-2026-24484","CVE-2026-24485","CVE-2026-25576","CVE-2026-25637","CVE-2026-25638","CVE-2026-25795","CVE-2026-25796","CVE-2026-25797","CVE-2026-25798","CVE-2026-25799","CVE-2026-25897","CVE-2026-25898","CVE-2026-25965","CVE-2026-25966","CVE-2026-25967","CVE-2026-25968","CVE-2026-25969","CVE-2026-25970","CVE-2026-25971","CVE-2026-25983","CVE-2026-25985","CVE-2026-25986","CVE-2026-25987","CVE-2026-25988","CVE-2026-25989","CVE-2026-26066","CVE-2026-26284","CVE-2026-26983","CVE-2026-27798","CVE-2026-27799"]}