Main Vulnerability Database SB2026062402

SB2026062402 - SUSE update for ImageMagick

Published: June 24, 2026

Security Bulletin ID SB2026062402

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 29

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 29 vulnerabilities.

1) Heap-based buffer overflow (CVE-ID: CVE-2026-33899)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to heap-based buffer overflow in the XML parser when parsing XML files. A remote attacker can send a specially crafted XML file to cause a denial of service.

A single zero byte may be written out of bounds during XML parsing.

2) Integer overflow (CVE-ID: CVE-2026-33900)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to integer overflow or wraparound in the viff encoder when processing crafted input on 32-bit builds. A remote attacker can send a specially crafted file to trigger an out-of-bounds heap write and cause a denial of service.

Only 32-bit builds are vulnerable.

3) Heap-based buffer overflow (CVE-ID: CVE-2026-33901)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to a heap-based buffer overflow in the MVG decoder when processing a crafted image. A remote attacker can send a specially crafted image to cause a denial of service.

The issue could result in an out-of-bounds write.

4) Uncontrolled Recursion (CVE-ID: CVE-2026-33908)

CWE-ID: CWE-674 - Uncontrolled Recursion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to uncontrolled recursion in the DestroyXMLTree function when processing deeply nested XML input. A remote attacker can send a specially crafted XML file to cause a denial of service.

5) Integer overflow (CVE-ID: CVE-2026-34238)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to integer overflow in the despeckle operation when processing crafted input on 32-bit builds. A remote attacker can trigger an out-of-bounds write to cause a denial of service.

Only 32-bit builds are vulnerable.

6) Heap-based buffer overflow (CVE-ID: CVE-2026-40169)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to heap-based buffer overflow in the YAML and JSON encoders when writing yaml or json output. A remote attacker can process a crafted image to cause a denial of service.

7) Heap-based buffer overflow (CVE-ID: CVE-2026-40310)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to heap-based buffer overflow in the JP2 encoder when processing input with an invalid sampling index. A remote attacker can trick the victim into processing a crafted file to cause a denial of service.

User interaction is required to process the crafted input.

8) Use-after-free (CVE-ID: CVE-2026-40311)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to use-after-free in XMP profile processing when parsing an invalid XMP profile. A remote attacker can trick the victim into opening a crafted file to cause a denial of service.

User interaction is required to process the crafted input.

9) Stack-based buffer overflow (CVE-ID: CVE-2026-42050)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to stack-based buffer overflow in XTileImage when processing a malicious MIFF file in the display tool after a tile is right-clicked to invoke the Load / Update menu item. A remote attacker can trick the victim into opening a crafted MIFF file to cause a denial of service.

User interaction is required to open the crafted file and invoke the menu item.

10) Out-of-bounds read (CVE-ID: CVE-2026-42326)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to disclose sensitive information and cause a denial of service.

The vulnerability exists due to out-of-bounds read in the IPTC encoder when writing an IPTC output file. A remote attacker can supply a malicious input file to disclose sensitive information and cause a denial of service.

The out-of-bounds read is limited to a single byte.

11) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2026-45031)

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to allocation of resources without limits or throttling in the PSD decoder when decoding a PSD image. A remote attacker can supply a specially crafted PSD image to cause a denial of service.

Other security limits still apply.

12) Out-of-bounds read (CVE-ID: CVE-2026-45359)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to disclose sensitive information and cause a denial of service.

The vulnerability exists due to out-of-bounds read in the connected components operation when processing an invalid connected-components:keep-top define value. A remote attacker can supply a crafted connected-components:keep-top value to disclose sensitive information and cause a denial of service.

13) Out-of-bounds read (CVE-ID: CVE-2026-45624)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to disclose sensitive information and cause a denial of service.

The vulnerability exists due to out-of-bounds read in the distort operation when performing a polynomial distortion with specific arguments. A remote attacker can supply specific arguments to disclose sensitive information and cause a denial of service.

14) Resource exhaustion (CVE-ID: CVE-2026-45664)

CWE-ID: CWE-400 - Resource exhaustion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to uncontrolled resource consumption in the MNG decoder when processing crafted MNG images. A remote attacker can supply input that causes the decoder to read more images than the list limit policy allows to cause a denial of service.

15) Out-of-bounds write (CVE-ID: CVE-2026-46520)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error in IPL decoder when reading multiple images of different dimensions. A remote attacker can trigger an out-of-bounds write and perform a denial of service (DoS) attack on the system.

16) Out-of-bounds write (CVE-ID: CVE-2026-46521)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error in MIFF encoder when using LZMA compression. A remote attacker can trigger an out-of-bounds write and perform a denial of service (DoS) attack on the system.

17) Infinite loop (CVE-ID: CVE-2026-46522)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in the MIFF decoder. A remote attacker can consume all available system resources and cause denial of service conditions.

18) Use-after-free (CVE-ID: CVE-2026-46523)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in MSL decoder. A local attacker can perform a denial of service (DoS) attack.

19) Out-of-bounds write (CVE-ID: CVE-2026-46559)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the JP2 encoder. A local attacker can trigger an out-of-bounds write and perform a denial of service (DoS) attack on the target system.

20) Heap-based buffer overflow (CVE-ID: CVE-2026-46692)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local privileged user to cause a denial of service.

The vulnerability exists due to heap-based buffer overflow in the distributed pixel cache server when handling connections to the magick -distribute-cache service. A local privileged user can connect to the service to cause a denial of service.

21) Race condition (CVE-ID: CVE-2026-46693)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local privileged user to disclose sensitive information.

The vulnerability exists due to a race condition in the distributed pixel cache server when handling connections to the magick -distribute-cache service. A local privileged user can win the race condition to hijack a file descriptor in the server process to disclose sensitive information.

22) Missing Authentication for Critical Function (CVE-ID: CVE-2026-47165)

CWE-ID: CWE-306 - Missing Authentication for Critical Function

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local privileged user to disclose sensitive information.

The vulnerability exists due to improper authentication in distributed pixel cache server when handling distributed pixel cache connections. A local privileged user can access the service without a challenge-response authentication model to disclose sensitive information.

23) Out-of-bounds read (CVE-ID: CVE-2026-47166)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local privileged user to disclose sensitive information and cause a denial of service.

The vulnerability exists due to out-of-bounds read in the distributed pixel cache server when handling connections to the magick -distribute-cache service. A local privileged user can connect to the service to disclose sensitive information and cause a denial of service.

24) Uncontrolled Recursion (CVE-ID: CVE-2026-48734)

CWE-ID: CWE-674 - Uncontrolled Recursion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to uncontrolled recursion in the MVG decoder when parsing a crafted MVG file. A remote attacker can trick the victim into opening a crafted file to cause a denial of service.

User interaction is required to open a crafted file.

25) Heap-based buffer overflow (CVE-ID: CVE-2026-48994)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in MAT decoder on 32-bit systems. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and cause a denial of service condition on the target system.

26) Input validation error (CVE-ID: CVE-2026-49218)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in the DCM decoder when parsing crafted DCM images. A remote attacker can supply a specially crafted DCM image to cause a denial of service.

The issue can produce an image with invalid dimensions, which may lead to crashes in subsequent operations.

27) Input validation error (CVE-ID: CVE-2026-53460)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in AcquireAlignedMemory when processing memory allocation requests. A remote attacker can trigger excessive memory allocation to cause a denial of service.

28) NULL pointer dereference (CVE-ID: CVE-2026-53463)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to null pointer dereference in distort operation when processing incorrect arguments. A remote attacker can pass incorrect arguments to cause a denial of service.

User interaction is required to process the crafted input.

29) Memory leak (CVE-ID: CVE-2026-53464)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to missing release of memory after effective lifetime in wand option parser when processing invalid arguments. A remote attacker can provide invalid options to cause a denial of service.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2026/suse-su-20262580-1/

SB2026062402 - SUSE update for ImageMagick

Breakdown by Severity

Description

Remediation

References

Please verify you're human