openSUSE-SU-2026:20118-1

CVE-2025-65955: Fixed use-after-free/double-free in ImageMagick (bsc#1254435)
CVE-2025-66628: Fixed Integer Overflow leading to out of bounds read in ImageMagick (32-bit only) (bsc#1254820)
CVE-2025-68618: Fixed that reading a malicious SVG file may result in a DoS attack (bsc#1255821)
CVE-2025-68950: Fixed check for circular references in mvg files may lead to stack overflow (bsc#1255822)
CVE-2025-69204: Fixed an integer overflow can lead to a DoS attack (bsc#1255823)

References

Affected packages

openSUSE:Leap 16.0 / ImageMagick

Package

Name: ImageMagick
Purl: pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2016.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.1.2.0-160000.5.1

Ecosystem specific

{
    "binaries": [
        {
            "ImageMagick": "7.1.2.0-160000.5.1",
            "libMagickWand-7_Q16HDRI10": "7.1.2.0-160000.5.1",
            "ImageMagick-config-7-SUSE": "7.1.2.0-160000.5.1",
            "ImageMagick-doc": "7.1.2.0-160000.5.1",
            "ImageMagick-config-7-upstream-secure": "7.1.2.0-160000.5.1",
            "ImageMagick-config-7-upstream-open": "7.1.2.0-160000.5.1",
            "ImageMagick-extra": "7.1.2.0-160000.5.1",
            "libMagickCore-7_Q16HDRI10": "7.1.2.0-160000.5.1",
            "ImageMagick-config-7-upstream-limited": "7.1.2.0-160000.5.1",
            "perl-PerlMagick": "7.1.2.0-160000.5.1",
            "libMagick++-7_Q16HDRI5": "7.1.2.0-160000.5.1",
            "libMagick++-devel": "7.1.2.0-160000.5.1",
            "ImageMagick-devel": "7.1.2.0-160000.5.1",
            "ImageMagick-config-7-upstream-websafe": "7.1.2.0-160000.5.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2026:20118-1.json"