7 matches found
OPENSUSE-SU-2025:20162-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: - CVE-2025-62594: unsigned underflow and division-by-zero can lead to OOB pointer arithmetic and process crash bsc1252749. - CVE-2025-57807: BlobStream Forward-Seek Under-Allocation bsc1249362. - CVE-2025-62171: incomplete fix for integer...
CLSA-2025-1758704282 Fix CVE(s): CVE-2025-57807
SECURITY UPDATE: heap out-of-bounds write in BlobStream WriteBlob - debian/patches/CVE-2025-57807.patch: enforce extent ≥ offset + length when forward-seeking before writes in MagickCore/blob.c - CVE-2025-57807...
CLSA-2025-1758635329 Fix CVE(s): CVE-2025-57807
SECURITY UPDATE: heap out-of-bounds write in BlobStream WriteBlob - debian/patches/CVE-2025-57807.patch: enforce extent ≥ offset + length when forward-seeking before writes in MagickCore/blob.c - CVE-2025-57807...
ImageMagick BlobStream Forward-Seek Under-Allocation
Reporter: Lumina Mescuwa; Product: ImageMagick 7 MagickCore; Component: MagickCore/blob.c Blob I/O - BlobStream; Tested: 7.1.2-0 source tag and 7.1.2-1 Homebrew, macOS arm64, clang-17, Q16-HDRI; Impact: Heap out-of-bounds WRITE attacker-controlled bytes at attacker-chosen offset → memory corruption;...
GHSA-23HG-53Q6-HQFG ImageMagick BlobStream Forward-Seek Under-Allocation
Reporter: Lumina Mescuwa; Product: ImageMagick 7 MagickCore; Component: MagickCore/blob.c Blob I/O - BlobStream; Tested: 7.1.2-0 source tag and 7.1.2-1 Homebrew, macOS arm64, clang-17, Q16-HDRI; Impact: Heap out-of-bounds WRITE attacker-controlled bytes at attacker-chosen offset → memory corruption;...
Malicious code in blobstream-contracts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d382e84ee723228a5c95e0b51cc72d8eba6a11548faf22b144cf87ce5179cee7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3028 Malicious code in blobstream-contracts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d382e84ee723228a5c95e0b51cc72d8eba6a11548faf22b144cf87ce5179cee7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...