Security update for ImageMagick

Announcement ID:	SUSE-SU-2026:0851-1
Release Date:	2026-03-09T15:32:18Z
Rating:	important
References:	bsc#1258743 bsc#1258748 bsc#1258757 bsc#1258759 bsc#1258763 bsc#1258765 bsc#1258767 bsc#1258769 bsc#1258770 bsc#1258771 bsc#1258772 bsc#1258774 bsc#1258775 bsc#1258776 bsc#1258779 bsc#1258780 bsc#1258785 bsc#1258786 bsc#1258787 bsc#1258790 bsc#1258791 bsc#1258792 bsc#1258793 bsc#1258799 bsc#1258802 bsc#1258805 bsc#1258807 bsc#1258810 bsc#1258812 bsc#1258818 bsc#1258821 bsc#1259017 bsc#1259018
Cross-References:	CVE-2026-24481 CVE-2026-24484 CVE-2026-24485 CVE-2026-25576 CVE-2026-25637 CVE-2026-25638 CVE-2026-25795 CVE-2026-25796 CVE-2026-25797 CVE-2026-25798 CVE-2026-25799 CVE-2026-25897 CVE-2026-25898 CVE-2026-25965 CVE-2026-25966 CVE-2026-25967 CVE-2026-25968 CVE-2026-25969 CVE-2026-25970 CVE-2026-25971 CVE-2026-25982 CVE-2026-25983 CVE-2026-25985 CVE-2026-25986 CVE-2026-25987 CVE-2026-25988 CVE-2026-25989 CVE-2026-26066 CVE-2026-26283 CVE-2026-26284 CVE-2026-26983 CVE-2026-27798 CVE-2026-27799
CVSS scores:	CVE-2026-24481 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2026-24481 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2026-24484 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-24485 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2026-24485 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-25576 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2026-25576 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2026-25576 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2026-25637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-25637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25637 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25638 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-25638 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25638 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25795 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-25795 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25795 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25795 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-25796 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25796 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-25796 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25797 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L CVE-2026-25797 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L CVE-2026-25797 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2026-25798 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-25798 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25798 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25798 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-25799 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-25799 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25799 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25799 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-25897 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-25897 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2026-25897 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2026-25897 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-25898 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-25898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2026-25898 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2026-25898 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2026-25965 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N CVE-2026-25965 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2026-25965 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2026-25965 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2026-25966 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVE-2026-25966 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2026-25966 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2026-25966 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-25967 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-25967 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2026-25967 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2026-25967 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-25968 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-25968 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2026-25968 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2026-25968 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-25969 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-25969 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25970 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-25970 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25970 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25970 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-25971 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-25971 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-25971 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-25971 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-25982 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-25982 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2026-25982 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2026-25982 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2026-25983 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-25983 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25983 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-25983 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25985 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-25985 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-25985 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-25986 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-25986 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25986 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25986 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-25987 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2026-25987 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2026-25987 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2026-25987 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2026-25988 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-25988 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25988 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-25988 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-25989 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-25989 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-25989 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-26066 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-26066 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-26066 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-26066 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-26283 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-26283 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-26283 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-26283 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-26284 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-26284 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2026-26284 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2026-26284 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2026-26983 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-26983 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-26983 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-27798 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2026-27798 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2026-27798 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2026-27798 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2026-27799 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N CVE-2026-27799 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2026-27799 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2026-27799 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Affected Products:	Desktop Applications Module 15-SP7 Development Tools Module 15-SP7 SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise Real Time 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 33 vulnerabilities can now be installed.

Description:

This update for ImageMagick fixes the following issues:

• CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression (bsc#1258743).
• CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790).
• CVE-2026-24485: denial of service via malformed PCD file processing (bsc#1258791).
• CVE-2026-25576: Out of bounds read in multiple coders that read raw pixel data (bsc#1258748).
• CVE-2026-25637: Denial of Service via crafted image due to memory leak (bsc#1258759).
• CVE-2026-25638: Denial of Service due to memory leak in image processing (bsc#1258793).
• CVE-2026-25795: Denial of Service due to NULL pointer dereference during temporary file creation failure (bsc#1258792).
• CVE-2026-25796: Memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths (bsc#1258757).
• CVE-2026-25797: Code injection in various encoders (bsc#1258770).
• CVE-2026-25798: NULL Pointer Dereference in ClonePixelCacheRepository via crafted image (bsc#1258787).
• CVE-2026-25799: Division-by-Zero in YUV sampling factor validation leads to crash (bsc#1258786).
• CVE-2026-25897: Out-of-bounds heap write via integer overflow in sun decoder (bsc#1258799).
• CVE-2026-25898: Information disclosure or denial of service via crafted image with invalid pixel index (bsc#1258807).
• CVE-2026-25965: Policy bypass through path traversal allows reading restricted content despite secured policy (bsc#1258785).
• CVE-2026-25966: Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access (bsc#1258780).
• CVE-2026-25967: Stack buffer overflow in FTXT reader via oversized integer field (bsc#1258779).
• CVE-2026-25968: MSL attribute stack buffer overflow leads to out of bounds write (bsc#1258776).
• CVE-2026-25969: Memory Leak in coders/ashlar.c (bsc#1258775).
• CVE-2026-25970: Memory corruption and denial of service via signed integer overflow in SIXEL decoder (bsc#1258802).
• CVE-2026-25971: MSL: Stack overflow in ProcessMSLScript (bsc#1258774).
• CVE-2026-25982: Heap Out-of-Bounds Read in DCM Decoder (bsc#1258772).
• CVE-2026-25983: Denial of service via crafted MSL script (bsc#1258805).
• CVE-2026-25985: Memory allocation with excessive without limits in the internal SVG decoder (bsc#1258812).
• CVE-2026-25986: Denial of Service via malicious YUV image processing (bsc#1258818).
• CVE-2026-25987: Memory disclosure and denial of service via crafted MAP files (bsc#1258821).
• CVE-2026-25988: Denial of Service due to memory leak in image processing (bsc#1258810).
• CVE-2026-25989: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder (bsc#1258771).
• CVE-2026-26066: Infinite loop when writing IPTCTEXT leads to denial of service via crafted profile (bsc#1258769).
• CVE-2026-26283: Possible infinite loop in JPEG encoder when using jpeg: extent (bsc#1258767).
• CVE-2026-26284: Heap overflow in pcd decoder leads to out of bounds read (bsc#1258765).
• CVE-2026-26983: Invalid MSL <map> can result in a use after free (bsc#1258763).
• CVE-2026-27798: Heap Buffer Over-read in WaveletDenoise when processing small images (bsc#1259018).
• CVE-2026-27799: ImageMagick has a heap Buffer Over-read in its DJVU image format handler (bsc#1259017).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-851=1
• Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-851=1

Package List:

• Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  • libMagickCore-7_Q16HDRI10-7.1.1.43-150700.3.37.1
  • libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.43-150700.3.37.1
  • ImageMagick-7.1.1.43-150700.3.37.1
  • ImageMagick-debugsource-7.1.1.43-150700.3.37.1
  • libMagick++-7_Q16HDRI5-debuginfo-7.1.1.43-150700.3.37.1
  • ImageMagick-config-7-upstream-limited-7.1.1.43-150700.3.37.1
  • ImageMagick-debuginfo-7.1.1.43-150700.3.37.1
  • libMagick++-7_Q16HDRI5-7.1.1.43-150700.3.37.1
  • libMagick++-devel-7.1.1.43-150700.3.37.1
  • libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.43-150700.3.37.1
  • ImageMagick-config-7-upstream-websafe-7.1.1.43-150700.3.37.1
  • ImageMagick-config-7-SUSE-7.1.1.43-150700.3.37.1
  • ImageMagick-devel-7.1.1.43-150700.3.37.1
  • ImageMagick-config-7-upstream-open-7.1.1.43-150700.3.37.1
  • ImageMagick-config-7-upstream-secure-7.1.1.43-150700.3.37.1
  • libMagickWand-7_Q16HDRI10-7.1.1.43-150700.3.37.1
• Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  • ImageMagick-debuginfo-7.1.1.43-150700.3.37.1
  • perl-PerlMagick-7.1.1.43-150700.3.37.1
  • perl-PerlMagick-debuginfo-7.1.1.43-150700.3.37.1
  • ImageMagick-debugsource-7.1.1.43-150700.3.37.1

References:

• https://www.suse.com/security/cve/CVE-2026-24481.html
• https://www.suse.com/security/cve/CVE-2026-24484.html
• https://www.suse.com/security/cve/CVE-2026-24485.html
• https://www.suse.com/security/cve/CVE-2026-25576.html
• https://www.suse.com/security/cve/CVE-2026-25637.html
• https://www.suse.com/security/cve/CVE-2026-25638.html
• https://www.suse.com/security/cve/CVE-2026-25795.html
• https://www.suse.com/security/cve/CVE-2026-25796.html
• https://www.suse.com/security/cve/CVE-2026-25797.html
• https://www.suse.com/security/cve/CVE-2026-25798.html
• https://www.suse.com/security/cve/CVE-2026-25799.html
• https://www.suse.com/security/cve/CVE-2026-25897.html
• https://www.suse.com/security/cve/CVE-2026-25898.html
• https://www.suse.com/security/cve/CVE-2026-25965.html
• https://www.suse.com/security/cve/CVE-2026-25966.html
• https://www.suse.com/security/cve/CVE-2026-25967.html
• https://www.suse.com/security/cve/CVE-2026-25968.html
• https://www.suse.com/security/cve/CVE-2026-25969.html
• https://www.suse.com/security/cve/CVE-2026-25970.html
• https://www.suse.com/security/cve/CVE-2026-25971.html
• https://www.suse.com/security/cve/CVE-2026-25982.html
• https://www.suse.com/security/cve/CVE-2026-25983.html
• https://www.suse.com/security/cve/CVE-2026-25985.html
• https://www.suse.com/security/cve/CVE-2026-25986.html
• https://www.suse.com/security/cve/CVE-2026-25987.html
• https://www.suse.com/security/cve/CVE-2026-25988.html
• https://www.suse.com/security/cve/CVE-2026-25989.html
• https://www.suse.com/security/cve/CVE-2026-26066.html
• https://www.suse.com/security/cve/CVE-2026-26283.html
• https://www.suse.com/security/cve/CVE-2026-26284.html
• https://www.suse.com/security/cve/CVE-2026-26983.html
• https://www.suse.com/security/cve/CVE-2026-27798.html
• https://www.suse.com/security/cve/CVE-2026-27799.html
• https://bugzilla.suse.com/show_bug.cgi?id=1258743
• https://bugzilla.suse.com/show_bug.cgi?id=1258748
• https://bugzilla.suse.com/show_bug.cgi?id=1258757
• https://bugzilla.suse.com/show_bug.cgi?id=1258759
• https://bugzilla.suse.com/show_bug.cgi?id=1258763
• https://bugzilla.suse.com/show_bug.cgi?id=1258765
• https://bugzilla.suse.com/show_bug.cgi?id=1258767
• https://bugzilla.suse.com/show_bug.cgi?id=1258769
• https://bugzilla.suse.com/show_bug.cgi?id=1258770
• https://bugzilla.suse.com/show_bug.cgi?id=1258771
• https://bugzilla.suse.com/show_bug.cgi?id=1258772
• https://bugzilla.suse.com/show_bug.cgi?id=1258774
• https://bugzilla.suse.com/show_bug.cgi?id=1258775
• https://bugzilla.suse.com/show_bug.cgi?id=1258776
• https://bugzilla.suse.com/show_bug.cgi?id=1258779
• https://bugzilla.suse.com/show_bug.cgi?id=1258780
• https://bugzilla.suse.com/show_bug.cgi?id=1258785
• https://bugzilla.suse.com/show_bug.cgi?id=1258786
• https://bugzilla.suse.com/show_bug.cgi?id=1258787
• https://bugzilla.suse.com/show_bug.cgi?id=1258790
• https://bugzilla.suse.com/show_bug.cgi?id=1258791
• https://bugzilla.suse.com/show_bug.cgi?id=1258792
• https://bugzilla.suse.com/show_bug.cgi?id=1258793
• https://bugzilla.suse.com/show_bug.cgi?id=1258799
• https://bugzilla.suse.com/show_bug.cgi?id=1258802
• https://bugzilla.suse.com/show_bug.cgi?id=1258805
• https://bugzilla.suse.com/show_bug.cgi?id=1258807
• https://bugzilla.suse.com/show_bug.cgi?id=1258810
• https://bugzilla.suse.com/show_bug.cgi?id=1258812
• https://bugzilla.suse.com/show_bug.cgi?id=1258818
• https://bugzilla.suse.com/show_bug.cgi?id=1258821
• https://bugzilla.suse.com/show_bug.cgi?id=1259017
• https://bugzilla.suse.com/show_bug.cgi?id=1259018