Main Vulnerability Database SB2026030957

SB2026030957 - SUSE update for ImageMagick

Published: March 9, 2026

Security Bulletin ID SB2026030957

Severity

High

Patch available

YES

Number of vulnerabilities 27

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 27 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2026-24481)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in PSD (Adobe Photoshop) format handler. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.

2) Resource exhaustion (CVE-ID: CVE-2026-24484)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application fails to check for multi-layer nested mvg conversions to svg. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

3) Resource exhaustion (CVE-ID: CVE-2026-24485)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when parsing a PCD file. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

4) Out-of-bounds read (CVE-ID: CVE-2026-25576)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in multiple raw image format handles. A local attacker can trigger an out-of-bounds read error and read contents of memory on the system.

5) Memory leak (CVE-ID: CVE-2026-25637)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the ASHLAR image writer. A remote attacker can force the application to leak memory and perform denial of service attack.

6) Memory leak (CVE-ID: CVE-2026-25638)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in coders/msl.c. A remote attacker can force the application to leak memory and perform denial of service attack.

7) NULL pointer dereference (CVE-ID: CVE-2026-25795)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the "ReadSFWImage()" function. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

8) Memory leak (CVE-ID: CVE-2026-25796)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the "ReadSTEGANOImage()" function on multiple error/early-return paths. A remote attacker can force the application to leak memory and perform denial of service attack.

9) Code Injection (CVE-ID: CVE-2026-25797)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the ps encoders. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

10) NULL pointer dereference (CVE-ID: CVE-2026-25798)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in ClonePixelCacheRepository. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

11) Division by zero (CVE-ID: CVE-2026-25799)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the divide-by-zero issue in YUV sampling factor validation. A remote attacker can cause a denial of service condition on the target system.

12) Heap-based buffer overflow (CVE-ID: CVE-2026-25897)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a boundary error in the sun decoder. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.

13) Out-of-bounds read (CVE-ID: CVE-2026-25898)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a boundary condition within negative pixel index in UIL and XPM writer. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack..

14) Path traversal (CVE-ID: CVE-2026-25965)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

15) Improper access control (CVE-ID: CVE-2026-25966)

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in config/policy-secure.xml within "fd handler". A local attacker can bypass implemented security restrictions and gain unauthorized access to the application.

16) Integer overflow (CVE-ID: CVE-2026-25970)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in SIXEL decoder. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.

17) Uncontrolled Recursion (CVE-ID: CVE-2026-25971)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to poorly bounded recursion in ProcessMSLScript. A local attacker can cause a denial of service condition on the target system.

18) Use-after-free (CVE-ID: CVE-2026-25983)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in MSLStartElement in MSL decoder. A remote attacker can perform a denial of service (DoS) attack.

19) Out-of-bounds write (CVE-ID: CVE-2026-25986)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. A remote attacker can trigger an out-of-bounds write and perform a denial of service (DoS) attack.

20) Out-of-bounds read (CVE-ID: CVE-2026-25987)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the MAP image decoder when processing crafted MAP files. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.

21) Memory leak (CVE-ID: CVE-2026-25988)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in msl.c. A remote attacker can force the application to leak memory and perform denial of service attack.

22) Integer overflow (CVE-ID: CVE-2026-25989)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in the internal SVG decoder. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.

23) Resource exhaustion (CVE-ID: CVE-2026-26066)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when writing IPTCTEXT. A local attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

24) Heap-based buffer overflow (CVE-ID: CVE-2026-26284)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a boundary error in pcd decoder. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and gain acces to sensitive information or perform a denial of service (DoS) attack.

25) NULL pointer dereference (CVE-ID: CVE-2026-26983)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the MSL interpreter. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

26) Out-of-bounds read (CVE-ID: CVE-2026-27798)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in WaveletDenoise with small images. A local attacker can trigger an out-of-bounds read error and read contents of memory on the system.

27) Heap-based buffer overflow (CVE-ID: CVE-2026-27799)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the DJVU image format handler. A local attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and cause a denial of service condition on the target system.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2026/suse-su-20260853-1/

SB2026030957 - SUSE update for ImageMagick

Breakdown by Severity

Description

Remediation

References

Please verify you're human