rpm package
suse/ImageMagick&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-66628 | — | | | < 7.0.7.34-150200.10.68.1 | 7.0.7.34-150200.10.68.1 | Dec 10, 2025 | ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in its ReadTIMImage function (coders/tim.c). The code reads width and height (16-bi |
| CVE-2025-65955 | — | | | < 7.0.7.34-150200.10.68.1 | 7.0.7.34-150200.10.68.1 | Dec 2, 2025 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family |
| CVE-2025-57803 | — | | | < 7.0.7.34-150200.10.62.1 | 7.0.7.34-150200.10.62.1 | Aug 26, 2025 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytes_per_line (stride) to a |
| CVE-2025-55298 | — | | | < 7.0.7.34-150200.10.62.1 | 7.0.7.34-150200.10.62.1 | Aug 26, 2025 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleStrin |
| CVE-2025-55212 | — | | | < 7.0.7.34-150200.10.62.1 | 7.0.7.34-150200.10.62.1 | Aug 26, 2025 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage |
| CVE-2025-55160 | — | | | < 7.0.7.34-150200.10.62.1 | 7.0.7.34-150200.10.62.1 | Aug 13, 2025 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in s |
| CVE-2025-55154 | — | | | < 7.0.7.34-150200.10.62.1 | 7.0.7.34-150200.10.62.1 | Aug 13, 2025 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has b |
| CVE-2025-55005 | — | | | < 7.0.7.34-150200.10.62.1 | 7.0.7.34-150200.10.62.1 | Aug 13, 2025 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is l |
| CVE-2025-55004 | — | | | < 7.0.7.34-150200.10.62.1 | 7.0.7.34-150200.10.62.1 | Aug 13, 2025 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOn |
| CVE-2022-44268 | — | | | < 7.0.7.34-150200.10.42.1 | 7.0.7.34-150200.10.42.1 | Feb 6, 2023 | ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file (if the magick binary has permissions to read it). |
| CVE-2022-44267 | — | | | < 7.0.7.34-150200.10.42.1 | 7.0.7.34-150200.10.42.1 | Feb 6, 2023 | ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. |