SUSE-SU-2026%3A1597-1
This update for ImageMagick fixes the following issues: - CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing (bsc#1262154). - CVE-2026-33900: Denial of Service via integer truncation in viff encoder (bsc#1262156). - CVE-2026-33901: Denial of Service due to heap buffer overflow in MVG decoder (bsc#1262155). - CVE-2026-33905: Denial of service via out-of-bounds read in -sample operation (bsc#1262097). - CVE-2026-33908: Denial of Service via deeply nested XML file processing (bsc#1262152). - CVE-2026-34238: Denial of Service via integer overflow in despeckle operation (bsc#1262147). - CVE-2026-40169: Denial of Service via crafted image leading to out-of-bounds write (bsc#1262150). - CVE-2026-40183: Denial of Service via heap write overflow in JXL encoder (bsc#1262145). - CVE-2026-40310: Denial of service via heap out-of-bounds write in JP2 encoder (bsc#1262148). - CVE-2026-40311: Denial of Service via heap use-after-free in XMP profile processing (bsc#1262146). - CVE-2026-40312: Denial of Service via malicious MSL file processing (bsc#1262149).
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE:Linux Enterprise Server for SAP Applications 15 SP6 | ImageMagick | 0, 0 |
| SUSE:Linux Enterprise Server 15 SP6-LTSS | ImageMagick | 0, 0 |
Timeline
- Apr 24, 2026 CVE Published
- Apr 25, 2026 CVE Updated
References
- https://www.suse.com/support/update/announcement/2026/suse-su-20261597-1/ advisory
- https://bugzilla.suse.com/1262097 report
- https://bugzilla.suse.com/1262145 report
- https://bugzilla.suse.com/1262146 report
- https://bugzilla.suse.com/1262147 report
- https://bugzilla.suse.com/1262148 report
- https://bugzilla.suse.com/1262149 report
- https://bugzilla.suse.com/1262150 report
- https://bugzilla.suse.com/1262152 report
- https://bugzilla.suse.com/1262154 report
- https://bugzilla.suse.com/1262155 report
- https://bugzilla.suse.com/1262156 report
- https://www.suse.com/security/cve/CVE-2026-33899 url
- https://www.suse.com/security/cve/CVE-2026-33900 url
- https://www.suse.com/security/cve/CVE-2026-33901 url
- https://www.suse.com/security/cve/CVE-2026-33905 url
- https://www.suse.com/security/cve/CVE-2026-33908 url
- https://www.suse.com/security/cve/CVE-2026-34238 url
- https://www.suse.com/security/cve/CVE-2026-40169 url
- https://www.suse.com/security/cve/CVE-2026-40183 url
…and 3 more