SUSE Linux 12 SP5 ImageMagick Important Denial of Service 2026-1201-1

April 7, 2026
Fixes 15 important vulnerabilities in ImageMagick, addressing potential buffer overflows and denial of service issues.
An update that solves 15 vulnerabilities can now be installed.

Summary

This update for ImageMagick fixes the following issues:

* CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790).

* CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow (bsc#1259447).

* CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow (bsc#1259448).

* CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450).

* CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451).

* CVE-2026-28689: `domain="path"` authorization is checked before final file open/use and allows for read/write bypass via symlink swaps (bsc#1259452).

References

* bsc#1258790

* bsc#1259447

* bsc#1259448

* bsc#1259450

* bsc#1259451

* bsc#1259452

* bsc#1259455

* bsc#1259456

* bsc#1259457

* bsc#1259463

* bsc#1259466

* bsc#1259467

* bsc#1259528

* bsc#1260874

* bsc#1260879

Cross-

* CVE-2026-24484

* CVE-2026-28494

* CVE-2026-28686

* CVE-2026-28687

* CVE-2026-28688

* CVE-2026-28689

* CVE-2026-28690

* CVE-2026-28691

* CVE-2026-28692

* CVE-2026-28693

* CVE-2026-30883

* CVE-2026-30937

* CVE-2026-31853

* CVE-2026-33535

* CVE-2026-33536

CVSS scores:

* CVE-2026-24484 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2026-28494 ( SUSE ): 8.8

Severity
important

Announcement ID: SUSE-SU-2026:1201-1
Release Date: 2026-04-07T12:24:27Z
Rating: important
