VDB

SUSE-SU-2026%3A1597-1

SUSE-SU-2026%3A1597-1 PUBLISHED CVSS 9.300000190734863 CRITICAL

This update for ImageMagick fixes the following issues: - CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing (bsc#1262154). - CVE-2026-33900: Denial of Service via integer truncation in viff encoder (bsc#1262156). - CVE-2026-33901: Denial of Service due to heap buffer overflow in MVG decoder (bsc#1262155). - CVE-2026-33905: Denial of service via out-of-bounds read in -sample operation (bsc#1262097). - CVE-2026-33908: Denial of Service via deeply nested XML file processing (bsc#1262152). - CVE-2026-34238: Denial of Service via integer overflow in despeckle operation (bsc#1262147). - CVE-2026-40169: Denial of Service via crafted image leading to out-of-bounds write (bsc#1262150). - CVE-2026-40183: Denial of Service via heap write overflow in JXL encoder (bsc#1262145). - CVE-2026-40310: Denial of service via heap out-of-bounds write in JP2 encoder (bsc#1262148). - CVE-2026-40311: Denial of Service via heap use-after-free in XMP profile processing (bsc#1262146). - CVE-2026-40312: Denial of Service via malicious MSL file processing (bsc#1262149).

Risk Scores

CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
SUSE:Linux Enterprise Server for SAP Applications 15 SP6ImageMagick0, 0
SUSE:Linux Enterprise Server 15 SP6-LTSSImageMagick0, 0

Timeline

  • Apr 24, 2026 CVE Published
  • Apr 25, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›