Alerts This Week
Warning Icon 1 1,146
Alerts This Week
Warning Icon 1 1,146

openSUSE ImageMagick Key Update Fixes 20 Security Issues Emerging

suse
Calendar Grey April 7, 2026
Dist Suse Esm H88
Critical update addresses 20 security flaws in ImageMagick for openSUSE ensuring system integrity and performance.
An update that solves 20 vulnerabilities can now be installed.

Summary

## This update for ImageMagick fixes the following issues: * CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write (bsc#1259446). * CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow (bsc#1259447). * CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow (bsc#1259448). * CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450). * CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451). * CVE-2026-28689: `domain="path"` authorization is checked before final file open/use and allows for read/write bypass via symlink swaps (bsc#1259452).

References

* bsc#1259446

* bsc#1259447

* bsc#1259448

* bsc#1259450

* bsc#1259451

* bsc#1259452

* bsc#1259455

* bsc#1259456

* bsc#1259457

* bsc#1259463

* bsc#1259464

* bsc#1259466

* bsc#1259467

* bsc#1259468

* bsc#1259497

* bsc#1259528

* bsc#1259612

* bsc#1259872

* bsc#1260874

* bsc#1260879

Cross-

* CVE-2026-28493

* CVE-2026-28494

* CVE-2026-28686

* CVE-2026-28687

* CVE-2026-28688

* CVE-2026-28689

* CVE-2026-28690

* CVE-2026-28691

* CVE-2026-28692

* CVE-2026-28693

* CVE-2026-30883

* CVE-2026-30929

* CVE-2026-30935

* CVE-2026-30936

* CVE-2026-30937

* CVE-2026-31853

* CVE-2026-32259

* CVE-2026-32636

* CVE-2026-33535

* CVE-2026-33536

CVSS scores:

* CVE-2026-28493 ( SUSE ): 8.8

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:1203-1
Release Date: 2026-04-07T12:25:00Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here