openSUSE-SU-2025:20162-1

CVE-2025-62594: unsigned underflow and division-by-zero can lead to OOB pointer arithmetic and process crash (bsc#1252749).
CVE-2025-57807: BlobStream Forward-Seek Under-Allocation (bsc#1249362).
CVE-2025-62171: incomplete fix for integer overflow in BMP Decoder (bsc#1252282).
CVE-2025-55298: format string bug vulnerability can lead to heap overflow (bsc#1248780).
CVE-2025-57803: 32-bit integer overflow can lead to heap out-of-bounds (OOB) write (bsc#1248784).
CVE-2025-55212: division-by-zero in ThumbnailImage() when passing a geometry string containing only a colon to montage -geometry (bsc#1248767).

References

Affected packages

openSUSE:Leap 16.0 / ImageMagick

Package

Name: ImageMagick
Purl: pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2016.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.1.2.0-160000.4.1

Ecosystem specific

{
    "binaries": [
        {
            "libMagick++-devel": "7.1.2.0-160000.4.1",
            "ImageMagick-devel": "7.1.2.0-160000.4.1",
            "ImageMagick-config-7-upstream-limited": "7.1.2.0-160000.4.1",
            "ImageMagick-extra": "7.1.2.0-160000.4.1",
            "ImageMagick-doc": "7.1.2.0-160000.4.1",
            "libMagick++-7_Q16HDRI5": "7.1.2.0-160000.4.1",
            "perl-PerlMagick": "7.1.2.0-160000.4.1",
            "ImageMagick-config-7-upstream-secure": "7.1.2.0-160000.4.1",
            "libMagickCore-7_Q16HDRI10": "7.1.2.0-160000.4.1",
            "ImageMagick": "7.1.2.0-160000.4.1",
            "libMagickWand-7_Q16HDRI10": "7.1.2.0-160000.4.1",
            "ImageMagick-config-7-upstream-open": "7.1.2.0-160000.4.1",
            "ImageMagick-config-7-SUSE": "7.1.2.0-160000.4.1",
            "ImageMagick-config-7-upstream-websafe": "7.1.2.0-160000.4.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2025:20162-1.json"