rpm package
opensuse/ImageMagick&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Tumbleweed
Vulnerabilities (152)
| CVE | Sev | Affected versions | Fixed in | Published | Description | CVSS | KEV |
|---|---|---|---|---|---|---|---|
| CVE-2026-25988 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1. | ||
| CVE-2026-25987 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unin | ||
| CVE-2026-25986 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. Th | ||
| CVE-2026-25985 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate ~674 GB of memory, leading to an out-of-memory abo | ||
| CVE-2026-25983 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues read | ||
| CVE-2026-25982 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/dcm.c` module. When processing DICOM files with a specific configuration, the dec | ||
| CVE-2026-25971 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | ||
| CVE-2026-25970 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service wh | ||
| CVE-2026-25969 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a structure. However, when an exception is thrown, the allocated memory is not pr | ||
| CVE-2026-25968 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory c | ||
| CVE-2026-25967 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash | ||
| CVE-2026-25966 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd: pseudo-filenames (e.g., fd:0, f | ||
| CVE-2026-25965 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as | ||
| CVE-2026-25898 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDR | ||
| CVE-2026-25897 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds h | ||
| CVE-2026-25799 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image | ||
| CVE-2026-25798 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplyi | ||
| CVE-2026-25797 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker | ||
| CVE-2026-25796 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite me | ||
| CVE-2026-25795 | — | < 7.1.2.15-1.1 | 7.1.2.15-1.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, ca |