Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

SUSE ImageMagick Important Security Update DoS 2026-21380-1

suse
Calendar Grey April 28, 2026
Dist Suse Esm H88
Update for ImageMagick in SUSE fixes important security issues, addressing several denial of service risks.
An update that solves 16 vulnerabilities can now be installed.

Summary

## This update for ImageMagick fixes the following issues: * CVE-2026-32259: stack out-of-bounds write due to a memory allocation failure in the sixel encoder can lead to a crash (bsc#1259612). * CVE-2026-32636: out-of-bounds write of a single zero byte due to bug the `NewXMLTree` method can lead to denial of service (bsc#1259872). * CVE-2026-33535: out-of-bounds write of a zero byte in X11 `display` interaction path can lead to a crash (bsc#1260874). * CVE-2026-33536: stack out-of-bounds write due to incorrect return value on certain platforms can lead to a denial of service (bsc#1260879). * CVE-2026-33899: out-of-bounds write of single zero byte in XML parsing can lead to a denial of service (bsc#1262154). * CVE-2026-33900: heap out-of-bounds write due to integer truncation in viff

References

* bsc#1259612

* bsc#1259872

* bsc#1260874

* bsc#1260879

* bsc#1262097

* bsc#1262145

* bsc#1262146

* bsc#1262147

* bsc#1262148

* bsc#1262149

* bsc#1262150

* bsc#1262152

* bsc#1262153

* bsc#1262154

* bsc#1262155

* bsc#1262156

Cross-

* CVE-2026-32259

* CVE-2026-32636

* CVE-2026-33535

* CVE-2026-33536

* CVE-2026-33899

* CVE-2026-33900

* CVE-2026-33901

* CVE-2026-33902

* CVE-2026-33905

* CVE-2026-33908

* CVE-2026-34238

* CVE-2026-40169

* CVE-2026-40183

* CVE-2026-40310

* CVE-2026-40311

* CVE-2026-40312

CVSS scores:

* CVE-2026-32259 ( SUSE ): 5.9

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2026-32259 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

* CVE-2026-32259 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

* CVE-2026-32636 ( SUSE ): 6.9

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:21380-1
Release Date: 2026-04-22T11:02:58Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here