## This update for ImageMagick fixes the following issues: * CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790). * CVE-2026-24485: denial of service via malformed PCD file processing (bsc#1258791). * CVE-2026-25576: Out of bounds read in multiple coders that read raw pixel data (bsc#1258748). * CVE-2026-25795: Denial of Service due to NULL pointer dereference during temporary file creation failure (bsc#1258792). * CVE-2026-25796: Memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths (bsc#1258757). * CVE-2026-25797: Code injection in various encoders (bsc#1258770). * CVE-2026-25799: Division-by-Zero in YUV sampling factor validation leads to crash (bsc#1258786).
* bsc#1258748
* bsc#1258757
* bsc#1258763
* bsc#1258765
* bsc#1258769
* bsc#1258770
* bsc#1258780
* bsc#1258786
* bsc#1258790
* bsc#1258791
* bsc#1258792
* bsc#1258805
* bsc#1258810
* bsc#1258821
* bsc#1259017
Cross-
* CVE-2026-24484
* CVE-2026-24485
* CVE-2026-25576
* CVE-2026-25795
* CVE-2026-25796
* CVE-2026-25797
* CVE-2026-25799
* CVE-2026-25966
* CVE-2026-25983
* CVE-2026-25987
* CVE-2026-25988
* CVE-2026-26066
* CVE-2026-26284
* CVE-2026-26983
* CVE-2026-27799
CVSS scores:
* CVE-2026-24484 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-24485 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Get the latest Linux and open source security news straight to your inbox.