<div class="container">
<h1>Security update for ImageMagick</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2026:20917-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2026-03-20T09:31:54Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1258790">bsc#1258790</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259446">bsc#1259446</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259447">bsc#1259447</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259448">bsc#1259448</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259450">bsc#1259450</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259451">bsc#1259451</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259452">bsc#1259452</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259455">bsc#1259455</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259456">bsc#1259456</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259457">bsc#1259457</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259463">bsc#1259463</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259464">bsc#1259464</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259466">bsc#1259466</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259467">bsc#1259467</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259468">bsc#1259468</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259469">bsc#1259469</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259497">bsc#1259497</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259528">bsc#1259528</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-24484.html">CVE-2026-24484</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-28493.html">CVE-2026-28493</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-28494.html">CVE-2026-28494</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-28686.html">CVE-2026-28686</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-28687.html">CVE-2026-28687</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-28688.html">CVE-2026-28688</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-28689.html">CVE-2026-28689</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-28690.html">CVE-2026-28690</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-28691.html">CVE-2026-28691</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-28692.html">CVE-2026-28692</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-28693.html">CVE-2026-28693</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-30883.html">CVE-2026-30883</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-30929.html">CVE-2026-30929</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-30931.html">CVE-2026-30931</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-30935.html">CVE-2026-30935</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-30936.html">CVE-2026-30936</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-30937.html">CVE-2026-30937</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-31853.html">CVE-2026-31853</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-24484</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-24484</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-24484</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28493</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.8</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28493</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.2</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28493</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28494</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.8</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28494</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.6</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28494</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.1</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28686</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.8</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28686</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.2</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28686</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28687</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.7</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28687</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28687</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28688</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.9</span>
<span class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28688</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.1</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28688</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">4.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28688</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28689</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.2</span>
<span class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28689</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.3</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28689</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.3</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28690</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.8</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28690</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.6</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28690</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28690</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.9</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28691</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.7</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28691</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28691</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28692</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.8</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28692</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.2</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28692</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">4.8</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28693</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.8</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28693</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.6</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-28693</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">8.1</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30883</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.8</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30883</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.6</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30883</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30883</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.7</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30929</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.8</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30929</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.6</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30929</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.7</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30929</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30931</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.8</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30931</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.6</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30931</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30931</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30935</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.8</span>
<span class="cvss-vector">CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30935</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.4</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30935</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">4.4</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30936</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.7</span>
<span class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30936</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30936</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30937</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.0</span>
<span class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30937</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30937</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-30937</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.1</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-31853</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.3</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-31853</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.6</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-31853</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.7</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-31853</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Enterprise Server - BCI 16.0</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves 18 vulnerabilities can now be installed.</p>
<h2>Description:</h2>
<p>This update for ImageMagick fixes the following issues:</p>
<ul>
<li>CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790).</li>
<li>CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write (bsc#1259446).</li>
<li>CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow
(bsc#1259447).</li>
<li>CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow
(bsc#1259448).</li>
<li>CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450).</li>
<li>CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451).</li>
<li>CVE-2026-28689: <code>domain="path"</code> authorization is checked before final file open/use and allows for read/write bypass
via symlink swaps (bsc#1259452).</li>
<li>CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456).</li>
<li>CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference (bsc#1259455).</li>
<li>CVE-2026-28692: 32-bit integer overflow in MAT decoder can lead to a heap buffer over-read (bsc#1259457).</li>
<li>CVE-2026-28693: integer overflow in the DIB coder can lead to an out-of-bounds read or write (bsc#1259466).</li>
<li>CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467).</li>
<li>CVE-2026-30929: improper use of fixed-size stack buffer in <code>MagnifyImage</code>can lead to a stack buffer overflow
(bsc#1259468).</li>
<li>CVE-2026-30931: value truncation in the UHDR encoder can lead to a heap buffer overflow (bsc#1259469).</li>
<li>CVE-2026-30935: heap-based buffer over-read in BilateralBlurImage (bsc#1259497).</li>
<li>CVE-2026-30936: heap Buffer Overflow in WaveletDenoiseImage (bsc#1259464).</li>
<li>CVE-2026-30937: heap buffer overflow in XWD encoder due to CARD32 arithmetic overflow (bsc#1259463).</li>
<li>CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit systems when processing extremely
large images (bsc#1259528).</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise Server - BCI 16.0
<br/>
<code>zypper in -t patch SUSE-SLES-16.0-419=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
<ul>
<li>libMagick++-devel-7.1.2.0-160000.7.1</li>
<li>perl-PerlMagick-7.1.2.0-160000.7.1</li>
<li>libMagickWand-7_Q16HDRI10-debuginfo-7.1.2.0-160000.7.1</li>
<li>ImageMagick-extra-7.1.2.0-160000.7.1</li>
<li>ImageMagick-debugsource-7.1.2.0-160000.7.1</li>
<li>libMagick++-7_Q16HDRI5-debuginfo-7.1.2.0-160000.7.1</li>
<li>libMagickCore-7_Q16HDRI10-debuginfo-7.1.2.0-160000.7.1</li>
<li>libMagickWand-7_Q16HDRI10-7.1.2.0-160000.7.1</li>
<li>perl-PerlMagick-debuginfo-7.1.2.0-160000.7.1</li>
<li>ImageMagick-extra-debuginfo-7.1.2.0-160000.7.1</li>
<li>libMagickCore-7_Q16HDRI10-7.1.2.0-160000.7.1</li>
<li>libMagick++-7_Q16HDRI5-7.1.2.0-160000.7.1</li>
<li>ImageMagick-7.1.2.0-160000.7.1</li>
<li>ImageMagick-devel-7.1.2.0-160000.7.1</li>
<li>ImageMagick-debuginfo-7.1.2.0-160000.7.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server - BCI 16.0 (noarch)
<ul>
<li>ImageMagick-config-7-upstream-open-7.1.2.0-160000.7.1</li>
<li>ImageMagick-config-7-upstream-limited-7.1.2.0-160000.7.1</li>
<li>ImageMagick-config-7-upstream-secure-7.1.2.0-160000.7.1</li>
<li>ImageMagick-config-7-upstream-websafe-7.1.2.0-160000.7.1</li>
<li>ImageMagick-config-7-SUSE-7.1.2.0-160000.7.1</li>
<li>ImageMagick-doc-7.1.2.0-160000.7.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-24484.html">https://www.suse.com/security/cve/CVE-2026-24484.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-28493.html">https://www.suse.com/security/cve/CVE-2026-28493.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-28494.html">https://www.suse.com/security/cve/CVE-2026-28494.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-28686.html">https://www.suse.com/security/cve/CVE-2026-28686.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-28687.html">https://www.suse.com/security/cve/CVE-2026-28687.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-28688.html">https://www.suse.com/security/cve/CVE-2026-28688.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-28689.html">https://www.suse.com/security/cve/CVE-2026-28689.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-28690.html">https://www.suse.com/security/cve/CVE-2026-28690.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-28691.html">https://www.suse.com/security/cve/CVE-2026-28691.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-28692.html">https://www.suse.com/security/cve/CVE-2026-28692.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-28693.html">https://www.suse.com/security/cve/CVE-2026-28693.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-30883.html">https://www.suse.com/security/cve/CVE-2026-30883.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-30929.html">https://www.suse.com/security/cve/CVE-2026-30929.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-30931.html">https://www.suse.com/security/cve/CVE-2026-30931.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-30935.html">https://www.suse.com/security/cve/CVE-2026-30935.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-30936.html">https://www.suse.com/security/cve/CVE-2026-30936.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-30937.html">https://www.suse.com/security/cve/CVE-2026-30937.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-31853.html">https://www.suse.com/security/cve/CVE-2026-31853.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1258790">https://bugzilla.suse.com/show_bug.cgi?id=1258790</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259446">https://bugzilla.suse.com/show_bug.cgi?id=1259446</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259447">https://bugzilla.suse.com/show_bug.cgi?id=1259447</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259448">https://bugzilla.suse.com/show_bug.cgi?id=1259448</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259450">https://bugzilla.suse.com/show_bug.cgi?id=1259450</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259451">https://bugzilla.suse.com/show_bug.cgi?id=1259451</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259452">https://bugzilla.suse.com/show_bug.cgi?id=1259452</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259455">https://bugzilla.suse.com/show_bug.cgi?id=1259455</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259456">https://bugzilla.suse.com/show_bug.cgi?id=1259456</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259457">https://bugzilla.suse.com/show_bug.cgi?id=1259457</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259463">https://bugzilla.suse.com/show_bug.cgi?id=1259463</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259464">https://bugzilla.suse.com/show_bug.cgi?id=1259464</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259466">https://bugzilla.suse.com/show_bug.cgi?id=1259466</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259467">https://bugzilla.suse.com/show_bug.cgi?id=1259467</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259468">https://bugzilla.suse.com/show_bug.cgi?id=1259468</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259469">https://bugzilla.suse.com/show_bug.cgi?id=1259469</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259497">https://bugzilla.suse.com/show_bug.cgi?id=1259497</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259528">https://bugzilla.suse.com/show_bug.cgi?id=1259528</a>
</li>
</ul>
</div>