{"id":"SUSE-SU-2026:1202-1","summary":"Security update for ImageMagick","details":"This update for ImageMagick fixes the following issues:\n\n- CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790).\n- CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write (bsc#1259446).\n- CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow\n  (bsc#1259447).\n- CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow\n  (bsc#1259448).\n- CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450).\n- CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451).\n- CVE-2026-28689: `domain='path'` authorization is checked before final file open/use and allows for read/write bypass\n  via symlink swaps (bsc#1259452).\n- CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456).\n- CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference (bsc#1259455).\n- CVE-2026-28692: 32-bit integer overflow in MAT decoder can lead to a heap buffer over-read (bsc#1259457).\n- CVE-2026-28693: integer overflow in the DIB coder can lead to an out-of-bounds read or write (bsc#1259466).\n- CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467).\n- CVE-2026-30929: improper use of fixed-size stack buffer in `MagnifyImage`can lead to a stack buffer overflow\n  (bsc#1259468).\n- CVE-2026-30931: value truncation in the UHDR encoder can lead to a heap buffer overflow (bsc#1259469).\n- CVE-2026-30935: heap-based buffer over-read in BilateralBlurImage (bsc#1259497).\n- CVE-2026-30936: Heap Buffer Overflow in WaveletDenoiseImage (bsc#1259464).\n- CVE-2026-30937: Heap buffer overflow in XWD encoder due to CARD32 arithmetic overflow (bsc#1259463).\n- CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit systems when processing extremely\n  large images (bsc#1259528).\n- CVE-2026-32259: memory allocation fails can lead to out of bound write (bsc#1259612).\n- CVE-2026-32636: Denial of Service via out-of-bounds write in NewXMLTree method (bsc#1259872).\n- CVE-2026-33535: Out-of-Bounds write of a zero byte in X11 display interaction (bsc#1260874).\n- CVE-2026-33536: Denial of Service via out-of-bounds write (bsc#1260879).\n","modified":"2026-04-08T07:50:14.789065Z","published":"2026-04-07T12:24:42Z","related":["CVE-2026-24484","CVE-2026-25971","CVE-2026-28493","CVE-2026-28494","CVE-2026-28686","CVE-2026-28687","CVE-2026-28688","CVE-2026-28689","CVE-2026-28690","CVE-2026-28691","CVE-2026-28692","CVE-2026-28693","CVE-2026-30883","CVE-2026-30929","CVE-2026-30931","CVE-2026-30935","CVE-2026-30936","CVE-2026-30937","CVE-2026-31853","CVE-2026-32259","CVE-2026-32636","CVE-2026-33535","CVE-2026-33536"],"upstream":["CVE-2026-24484","CVE-2026-25971","CVE-2026-28493","CVE-2026-28494","CVE-2026-28686","CVE-2026-28687","CVE-2026-28688","CVE-2026-28689","CVE-2026-28690","CVE-2026-28691","CVE-2026-28692","CVE-2026-28693","CVE-2026-30883","CVE-2026-30929","CVE-2026-30931","CVE-2026-30935","CVE-2026-30936","CVE-2026-30937","CVE-2026-31853","CVE-2026-32259","CVE-2026-32636","CVE-2026-33535","CVE-2026-33536"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20261202-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258790"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259446"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259447"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259448"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259450"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259451"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259452"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259455"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259456"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259457"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259463"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259464"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259466"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259467"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259468"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259469"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259497"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259528"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259612"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259872"},{"type":"REPORT","url":"https://bugzilla.suse.com/1260874"},{"type":"REPORT","url":"https://bugzilla.suse.com/1260879"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-24484"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25971"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-28493"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-28494"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-28686"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-28687"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-28688"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-28689"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-28690"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-28691"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-28692"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-28693"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-30883"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-30929"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-30931"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-30935"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-30936"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-30937"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-31853"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-32259"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-32636"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-33535"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-33536"}],"affected":[{"package":{"name":"ImageMagick","ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP7","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.1.1.43-150700.3.42.1"}]}],"ecosystem_specific":{"binaries":[{"ImageMagick":"7.1.1.43-150700.3.42.1","ImageMagick-config-7-upstream-open":"7.1.1.43-150700.3.42.1","ImageMagick-config-7-upstream-websafe":"7.1.1.43-150700.3.42.1","libMagick++-devel":"7.1.1.43-150700.3.42.1","ImageMagick-config-7-SUSE":"7.1.1.43-150700.3.42.1","libMagick++-7_Q16HDRI5":"7.1.1.43-150700.3.42.1","libMagickWand-7_Q16HDRI10":"7.1.1.43-150700.3.42.1","ImageMagick-devel":"7.1.1.43-150700.3.42.1","libMagickCore-7_Q16HDRI10":"7.1.1.43-150700.3.42.1","ImageMagick-config-7-upstream-limited":"7.1.1.43-150700.3.42.1","ImageMagick-config-7-upstream-secure":"7.1.1.43-150700.3.42.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1202-1.json"}},{"package":{"name":"ImageMagick","ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP7","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.1.1.43-150700.3.42.1"}]}],"ecosystem_specific":{"binaries":[{"perl-PerlMagick":"7.1.1.43-150700.3.42.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1202-1.json"}}],"schema_version":"1.7.5"}