rpm package

suse/ImageMagick&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Vulnerabilities (51)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-27799	—	< 6.8.8.1-71.231.1	6.8.8.1-71.231.1	Feb 25, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculat
CVE-2026-26983	—	< 6.8.8.1-71.231.1	6.8.8.1-71.231.1	Feb 24, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `` element that causes it to use an image after it has been freed. Versions 7.1.2-15
CVE-2026-26284	—	< 6.8.8.1-71.231.1	6.8.8.1-71.231.1	Feb 24, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains an function that
CVE-2026-26066	—	< 6.8.8.1-71.231.1	6.8.8.1-71.231.1	Feb 24, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2-15 and 6.9.13-40 contain
CVE-2026-25988	—	< 6.8.8.1-71.231.1	6.8.8.1-71.231.1	Feb 24, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1.
CVE-2026-25987	—	< 6.8.8.1-71.231.1	6.8.8.1-71.231.1	Feb 24, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unin
CVE-2026-25983	—	< 6.8.8.1-71.231.1	6.8.8.1-71.231.1	Feb 24, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues read
CVE-2026-25966	—	< 6.8.8.1-71.231.1	6.8.8.1-71.231.1	Feb 24, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd: pseudo-filenames (e.g., fd:0, f
CVE-2026-25799	—	< 6.8.8.1-71.231.1	6.8.8.1-71.231.1	Feb 24, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image
CVE-2026-25797	—	< 6.8.8.1-71.231.1	6.8.8.1-71.231.1	Feb 24, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker
CVE-2026-25796	—	< 6.8.8.1-71.231.1	6.8.8.1-71.231.1	Feb 24, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite me
CVE-2026-25795	—	< 6.8.8.1-71.231.1	6.8.8.1-71.231.1	Feb 24, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, ca
CVE-2026-25576	—	< 6.8.8.1-71.231.1	6.8.8.1-71.231.1	Feb 24, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extrac
CVE-2026-24485	—	< 6.8.8.1-71.231.1	6.8.8.1-71.231.1	Feb 24, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sy
CVE-2026-24484	—	< 6.8.8.1-71.231.1	6.8.8.1-71.231.1	Feb 24, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVE-2026-23952	—	< 6.8.8.1-71.227.1	6.8.8.1-71.227.1	Jan 22, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing tags before images are loaded. This can
CVE-2026-23876	—	< 6.8.8.1-71.227.1	6.8.8.1-71.227.1	Jan 20, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated hea
CVE-2026-23874	—	< 6.8.8.1-71.227.1	6.8.8.1-71.227.1	Jan 20, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `` command when writing to MSL format. Version 7.1.2-13 fixes the issue
CVE-2025-68618	—	< 6.8.8.1-71.224.1	6.8.8.1-71.224.1	Dec 30, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.
CVE-2025-68469	—	< 6.8.8.1-71.221.1	6.8.8.1-71.221.1	Dec 18, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue.

CVE-2026-27799Feb 25, 2026
affected < 6.8.8.1-71.231.1fixed 6.8.8.1-71.231.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculat
CVE-2026-26983Feb 24, 2026
affected < 6.8.8.1-71.231.1fixed 6.8.8.1-71.231.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `` element that causes it to use an image after it has been freed. Versions 7.1.2-15
CVE-2026-26284Feb 24, 2026
affected < 6.8.8.1-71.231.1fixed 6.8.8.1-71.231.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains an function that
CVE-2026-26066Feb 24, 2026
affected < 6.8.8.1-71.231.1fixed 6.8.8.1-71.231.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2-15 and 6.9.13-40 contain
CVE-2026-25988Feb 24, 2026
affected < 6.8.8.1-71.231.1fixed 6.8.8.1-71.231.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1.
CVE-2026-25987Feb 24, 2026
affected < 6.8.8.1-71.231.1fixed 6.8.8.1-71.231.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unin
CVE-2026-25983Feb 24, 2026
affected < 6.8.8.1-71.231.1fixed 6.8.8.1-71.231.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues read
CVE-2026-25966Feb 24, 2026
affected < 6.8.8.1-71.231.1fixed 6.8.8.1-71.231.1
ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd: pseudo-filenames (e.g., fd:0, f
CVE-2026-25799Feb 24, 2026
affected < 6.8.8.1-71.231.1fixed 6.8.8.1-71.231.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image
CVE-2026-25797Feb 24, 2026
affected < 6.8.8.1-71.231.1fixed 6.8.8.1-71.231.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker
CVE-2026-25796Feb 24, 2026
affected < 6.8.8.1-71.231.1fixed 6.8.8.1-71.231.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite me
CVE-2026-25795Feb 24, 2026
affected < 6.8.8.1-71.231.1fixed 6.8.8.1-71.231.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, ca
CVE-2026-25576Feb 24, 2026
affected < 6.8.8.1-71.231.1fixed 6.8.8.1-71.231.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extrac
CVE-2026-24485Feb 24, 2026
affected < 6.8.8.1-71.231.1fixed 6.8.8.1-71.231.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sy
CVE-2026-24484Feb 24, 2026
affected < 6.8.8.1-71.231.1fixed 6.8.8.1-71.231.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVE-2026-23952Jan 22, 2026
affected < 6.8.8.1-71.227.1fixed 6.8.8.1-71.227.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing tags before images are loaded. This can
CVE-2026-23876Jan 20, 2026
affected < 6.8.8.1-71.227.1fixed 6.8.8.1-71.227.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated hea
CVE-2026-23874Jan 20, 2026
affected < 6.8.8.1-71.227.1fixed 6.8.8.1-71.227.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `` command when writing to MSL format. Version 7.1.2-13 fixes the issue
CVE-2025-68618Dec 30, 2025
affected < 6.8.8.1-71.224.1fixed 6.8.8.1-71.224.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.
CVE-2025-68469Dec 18, 2025
affected < 6.8.8.1-71.221.1fixed 6.8.8.1-71.221.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue.

Page 2 of 3