Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 461
Alerts This Week
Warning Icon 1 461

openSUSE Leap 16.0 ImageMagick Important Heap Overflow Issue 2026-21291-1

opensuse
Calendar Grey July 13, 2026
Dist Opensuse Esm H88
An important security patch for openSUSE solves multiple vulnerabilities in ImageMagick, ensuring system protection and stability.
An update that solves 10 vulnerabilities and has 11 bug fixes can now be installed.

Description

This update for ImageMagick fixes the following issues

- CVE-2026-53466: integer overflow in the XCF decoder can result in an out-of-bounds read when a crafted image is read

(bsc#1270073).

- CVE-2026-53467: allocated memory left unchanged in the MNG decoder can lead to a heap information disclosure

(bsc#1270074).

- CVE-2026-55594: missing depth check in the MVG decoder will result in a stack overflow when a crafted image is

provided (bsc#1270077).

- CVE-2026-55595: providing invalid arguments to the `connected-components` option can lead to an infinite loop

(bsc#1270079).

- CVE-2026-55597: incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder (bsc#1270080).

- CVE-2026-56361: off-by-one error in morphology validation can lead to an out-of-bounds read (bsc#1270001).

- CVE-2026-56363: integer overflow leading to a division by zero in binomial kernel processing can cause an application

crash (bsc#1270002).

- CVE-2026-56364: memory leak in...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

ImageMagick-7.1.2.0-160000.11.1

ImageMagick-config-7-SUSE-7.1.2.0-160000.11.1

ImageMagick-config-7-upstream-limited-7.1.2.0-160000.11.1

ImageMagick-config-7-upstream-open-7.1.2.0-160000.11.1

ImageMagick-config-7-upstream-secure-7.1.2.0-160000.11.1

ImageMagick-config-7-upstream-websafe-7.1.2.0-160000.11.1

ImageMagick-devel-7.1.2.0-160000.11.1

ImageMagick-doc-7.1.2.0-160000.11.1

ImageMagick-extra-7.1.2.0-160000.11.1

libMagick++-7_Q16HDRI5-7.1.2.0-160000.11.1

libMagick++-devel-7.1.2.0-160000.11.1

libMagickCore-7_Q16HDRI10-7.1.2.0-160000.11.1

libMagickWand-7_Q16HDRI10-7.1.2.0-160000.11.1

perl-PerlMagick-7.1.2.0-160000.11.1

References

* bsc#1268640

* bsc#1268878

* bsc#1270001

* bsc#1270002

* bsc#1270003

* bsc#1270073

* bsc#1270074

* bsc#1270077

* bsc#1270079

* bsc#1270080

* bsc#1271099

References:

* https://www.suse.com/security/cve/CVE-2026-53466.html

* https://www.suse.com/security/cve/CVE-2026-53467.html

* https://www.suse.com/security/cve/CVE-2026-55594.html

* https://www.suse.com/security/cve/CVE-2026-55595.html

* https://www.suse.com/security/cve/CVE-2026-55597.html

* https://www.suse.com/security/cve/CVE-2026-56361.html

* https://www.suse.com/security/cve/CVE-2026-56363.html

* https://www.suse.com/security/cve/CVE-2026-56364.html

* https://www.suse.com/security/cve/CVE-2026-56374.html

* https://www.suse.com/security/cve/CVE-2026-56379.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21291-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.