File _patchinfo of Package patchinfo.42999

<patchinfo incident="42999">
  <!-- Patch metadata for maintenance incident 42999: a security update for ImageMagick covering the 15 CVEs listed below. -->
  <!--generated with prepare-update from request 402662-->
  <!-- Bug-tracker entries (tracker="bnc"), one per vulnerability. Each id reappears as a bsc# reference in the description,
       and each title names the CVE and the affected component(s); some also name GraphicsMagick. -->
  <issue tracker="bnc" id="1258748">VUL-0: CVE-2026-25576: ImageMagick: Out of bounds read in multiple coders that read raw pixel data</issue>
  <issue tracker="bnc" id="1258757">VUL-0: CVE-2026-25796: ImageMagick: Memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths</issue>
  <!-- The MSL element name below is entity-escaped (&lt;map&gt;) so it is read as text rather than markup. -->
  <issue tracker="bnc" id="1258763">VUL-0: CVE-2026-26983: ImageMagick: Invalid MSL &lt;map&gt; can result in a use after free</issue>
  <issue tracker="bnc" id="1258765">VUL-0: CVE-2026-26284: GraphicsMagick,ImageMagick:  Heap overflow in pcd decoder leads to out of bounds read.</issue>
  <issue tracker="bnc" id="1258769">VUL-0: CVE-2026-26066: ImageMagick:  Infinite loop when writing IPTCTEXT leads to denial of service via crafted profile</issue>
  <issue tracker="bnc" id="1258770">VUL-0: CVE-2026-25797: ImageMagick: Code injection in various encoders</issue>
  <issue tracker="bnc" id="1258780">VUL-0: CVE-2026-25966: ImageMagick: Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access</issue>
  <issue tracker="bnc" id="1258786">VUL-0: CVE-2026-25799: GraphicsMagick,ImageMagick: Division-by-Zero in YUV sampling factor validation leads to crash</issue>
  <issue tracker="bnc" id="1258790">VUL-0: CVE-2026-24484: GraphicsMagick,ImageMagick: denial of service vulnerability via multi-layer nested MVG to SVG conversion</issue>
  <issue tracker="bnc" id="1258791">VUL-0: CVE-2026-24485: GraphicsMagick,ImageMagick: denial of service via malformed PCD file processing</issue>
  <issue tracker="bnc" id="1258792">VUL-0: CVE-2026-25795: ImageMagick: Denial of Service due to NULL pointer dereference during temporary file creation failure</issue>
  <issue tracker="bnc" id="1258805">VUL-0: CVE-2026-25983: TRACKERBUG: ImageMagick: Denial of service via crafted MSL script</issue>
  <issue tracker="bnc" id="1258810">VUL-0: CVE-2026-25988: ImageMagick: Denial of Service due to memory leak in image processing</issue>
  <issue tracker="bnc" id="1258821">VUL-0: CVE-2026-25987: TRACKERBUG: ImageMagick: Memory disclosure and denial of service via crafted MAP files</issue>
  <issue tracker="bnc" id="1259017">VUL-0: CVE-2026-27799: ImageMagick: ImageMagick has a heap Buffer Over-read in its DJVU image format handler</issue>
  <!-- CVE identifiers (tracker="cve"), sorted by id. These are the same 15 CVEs named in the bnc titles above;
       keep the two lists and the description in sync when an issue is added or dropped. -->
  <issue tracker="cve" id="2026-24484"/>
  <issue tracker="cve" id="2026-24485"/>
  <issue tracker="cve" id="2026-25576"/>
  <issue tracker="cve" id="2026-25795"/>
  <issue tracker="cve" id="2026-25796"/>
  <issue tracker="cve" id="2026-25797"/>
  <issue tracker="cve" id="2026-25799"/>
  <issue tracker="cve" id="2026-25966"/>
  <issue tracker="cve" id="2026-25983"/>
  <issue tracker="cve" id="2026-25987"/>
  <issue tracker="cve" id="2026-25988"/>
  <issue tracker="cve" id="2026-26066"/>
  <issue tracker="cve" id="2026-26284"/>
  <issue tracker="cve" id="2026-26983"/>
  <issue tracker="cve" id="2026-27799"/>
  <!-- Update classification. NOTE(review): one rating covers all 15 issues, which include a code injection
       (CVE-2026-25797) and a security policy bypass (CVE-2026-25966) alongside the denial-of-service and
       out-of-bounds-read fixes; confirm that "moderate" reflects the most severe of them. -->
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <summary>Security update for ImageMagick</summary>
  <!-- Advisory text: one entry per CVE, ordered by CVE id, each ending with its bsc# reference.
       Long entries wrap onto an indented continuation line; the text is free-form, so its whitespace is part of the content. -->
  <description>This update for ImageMagick fixes the following issues:

- CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790).
- CVE-2026-24485: denial of service via malformed PCD file processing (bsc#1258791).
- CVE-2026-25576: Out of bounds read in multiple coders that read raw pixel data (bsc#1258748).
- CVE-2026-25795: Denial of Service due to NULL pointer dereference during temporary file creation failure
  (bsc#1258792).
- CVE-2026-25796: Memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths
  (bsc#1258757).
- CVE-2026-25797: Code injection in various encoders (bsc#1258770).
- CVE-2026-25799: Division-by-Zero in YUV sampling factor validation leads to crash (bsc#1258786).
- CVE-2026-25966: Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access
  (bsc#1258780).
- CVE-2026-25983: Denial of service via crafted MSL script (bsc#1258805).
- CVE-2026-25987: Memory disclosure and denial of service via crafted MAP files (bsc#1258821).
- CVE-2026-25988: Denial of Service due to memory leak in image processing (bsc#1258810).
- CVE-2026-26066: Infinite loop when writing IPTCTEXT leads to denial of service via crafted profile (bsc#1258769).
- CVE-2026-26284: Heap overflow in pcd decoder leads to out of bounds read (bsc#1258765).
- CVE-2026-26983: Invalid MSL &lt;map&gt; can result in a use after free (bsc#1258763).
- CVE-2026-27799: ImageMagick has a heap Buffer Over-read in its DJVU image format handler (bsc#1259017).
</description>
</patchinfo>