Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

SUSE ImageMagick Memory Leak Remote Flaw SUSE-SU-2028-31561-2

suse
Calendar Grey April 1, 2026
Dist Suse Esm H88
An update for ImageMagick on SUSE fixes 18 important bugs, mitigating stack overflow and DoS issues.
An update that solves 18 vulnerabilities can now be installed.

Summary

## This update for ImageMagick fixes the following issues: * CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790). * CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write (bsc#1259446). * CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow (bsc#1259447). * CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow (bsc#1259448). * CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450). * CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451).

References

* bsc#1258790

* bsc#1259446

* bsc#1259447

* bsc#1259448

* bsc#1259450

* bsc#1259451

* bsc#1259452

* bsc#1259455

* bsc#1259456

* bsc#1259457

* bsc#1259463

* bsc#1259464

* bsc#1259466

* bsc#1259467

* bsc#1259468

* bsc#1259469

* bsc#1259497

* bsc#1259528

Cross-

* CVE-2026-24484

* CVE-2026-28493

* CVE-2026-28494

* CVE-2026-28686

* CVE-2026-28687

* CVE-2026-28688

* CVE-2026-28689

* CVE-2026-28690

* CVE-2026-28691

* CVE-2026-28692

* CVE-2026-28693

* CVE-2026-30883

* CVE-2026-30929

* CVE-2026-30931

* CVE-2026-30935

* CVE-2026-30936

* CVE-2026-30937

* CVE-2026-31853

CVSS scores:

* CVE-2026-24484 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:20917-1
Release Date: 2026-03-20T09:31:54Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here