
22 matches found

OSV
added 2026/04/20 4:15 p.m., 2 views

SUSE-SU-2026:1497-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues:
- CVE-2026-24484: denial of service via multi-layer nested MVG to SVG conversion bsc1258790.
- CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write bsc1259446.
- CVE-2026-28494: missing bounds checks in the...

8.1 CVSS, 6 AI score, 0.00067 EPSS
Exploits 0, References 43

OSV
added 2026/04/08 12:31 p.m., 2 views

CLSA-2026-1775651477 Fix CVE(s): CVE-2026-24484

SECURITY UPDATE: denial-of-service from multi-layer nested MVG-to-SVG conversions
- debian/patches/CVE-2026-24484.patch: Add recursion-depth check and throw VectorGraphicsNestedTooDeeply on reaching maximum; prevent crash from unbounded nesting of graphic-context elements.
- ...

5.3 CVSS, 7.2 AI score, 0.00019 EPSS
Exploits 0, References 1

Tenable Nessus
added 2026/03/11 12:0 a.m., 5 views

openSUSE 16 Security Update : ImageMagick (openSUSE-SU-2026:20337-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20337-1 advisory.
- CVE-2026-22770: improper pointer initialization can cause denial of service bsc1256969.
- CVE-2026-23874: manipulation of digital images can...

9.8 CVSS, 6.1 AI score, 0.00114 EPSS
Exploits 3, References 114

SUSE CVE
added 2026/02/25 12:25 a.m., 1 view

SUSE CVE-2026-24484

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch...

5.5 CVSS, 5.8 AI score, 0.00019 EPSS
Exploits 0, References 11

GitHub Security Blog
added 2026/02/24 3:28 p.m., 5 views

ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS

Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS...

5.3 CVSS, 5.3 AI score, 0.00019 EPSS
Exploits 0, References 5, Affected Software 19

Snyk
added 2026/02/24 3:28 p.m., 4 views

Allocation of Resources Without Limits or Throttling

Overview: Magick.NET-Q8-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7 CVSS, 6 AI score, 0.00019 EPSS
Exploits 0, References 2

Snyk
added 2026/02/24 3:28 p.m., 1 view

Allocation of Resources Without Limits or Throttling

Overview: Magick.NET-Q16-HDRI-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7 CVSS, 6 AI score, 0.00019 EPSS
Exploits 0, References 2

CVE
added 2026/02/24 12:31 a.m., 7 views

CVE-2026-24484

CVE-2026-24484 affects ImageMagick. A flaw in processing multi-layer nested MVG conversions to SVG can cause a DoS. Versions prior to 7.1.2-15 and 6.9.13-40 are vulnerable; a patch is available in those series (7.1.2-15 and 6.9.13-40). The issue is tied to the conversion logic within Magick’s MVG...

5.3 CVSS, 5.3 AI score, 0.00019 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2026/02/24 12:31 a.m., 14 views

CVE-2026-24484 ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch...

5.3 CVSS, 0.00019 EPSS
Exploits 0, References 3

OSV
added 2026/02/24 12:31 a.m., 4 views

CVE-2026-24484 ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch...

5.3 CVSS, 5.5 AI score, 0.00019 EPSS
Exploits 0, References 5

OSV
added 2025/12/30 4:56 p.m., 1 view

CVE-2025-69204 ImageMagick converting a malicious MVG file to SVG caused an integer overflow.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store numberattributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack...

5.3 CVSS, 7.3 AI score, 0.0009 EPSS
Exploits 1, References 4

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2016-6191

Malware in sbrugna...

5.5 CVSS, 7.3 AI score, 0.01408 EPSS
Exploits 0, References 17

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-5566

Malicious code in bioql PyPI...

6.4 CVSS, 8.6 AI score, 0.02944 EPSS
Exploits 1, References 20

GitLab Advisory Database
added 2023/03/20 12:0 a.m., 24 views

CairoSVG improperly processes SVG files loaded from external resources

When CairoSVG processes an SVG file, it can make requests to the inner host and different outside hosts. When CairoSVG processes an SVG file, it can send requests to external hosts and wait for a response from the external server after a successful TCP handshake. This will cause the server to han...

9.9 CVSS, 7.6 AI score, 0.00086 EPSS
Exploits 0, References 8, Affected Software 1

CNNVD
added 2023/03/06 12:0 a.m., 0 views

SketchSVG code injection vulnerability

eBay SketchSVG is eBay's tool for extracting icons from Sketch files and compressing them into SVGs. A security vulnerability exists in SketchSVG that stems from vulnerability to arbitrary code injection when shell.exec is called...

7.8 CVSS, 7.6 AI score, 0.00212 EPSS
Exploits 1, References 4

Huntr
added 2021/01/28 12:0 a.m., 15 views

Server-Side Request Forgery (SSRF) in sterlp/svg2png

Description: Svg2Png: Manage your icons in SVG and generate the needed PNG into your projects as needed. No "Web Service" needed, just an executable JAR file. This package is vulnerable to XXE. https://github.com/sterlp/svg2png Steps to reproduce: 0 download and run latest release...

4.3 CVSS, 0.5 AI score, 0.00328 EPSS
Exploits 1

Veracode
added 2020/11/06 5:33 a.m., 11 views

Cross-site Scripting (XSS)

dompurify is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists when converting from the SVG namespace, allowing an attacker to inject and execute arbitrary JavaScript...

7 AI score
Exploits 0

Tenable Nessus
added 2016/07/05 12:0 a.m., 46 views

openSUSE Security Update : GraphicsMagick (openSUSE-2016-825)

GraphicsMagick was updated to fix 37 security issues. These security issues were fixed:
- CVE-2014-9810: SEGV in dpx file handler bsc983803.
- CVE-2014-9811: Crash in xwd file handler bsc984032.
- CVE-2014-9813: Crash on corrupted viff file bsc984035.
- CVE-2014-9814: NULL pointer dereference in...

9.8 CVSS, 7 AI score, 0.04265 EPSS
Exploits 2, References 73

ArchLinux
added 2015/04/04 12:0 a.m., 56 views

java-batik: xml external entity injection

Batik offers several classes for SVG to PNG/JPG conversion, which suffer from an XML External Entity Injection due to the evaluation of external entities within the given SVG file. If an application offers the possibility to upload an SVG file, an attacker can put in a maliciously formed file and...

6.4 CVSS, 2.7 AI score, 0.02944 EPSS
Exploits 1, References 3

OSV
added 2015/03/24 5:59 p.m., 1 view

DEBIAN-CVE-2015-0250

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file...

6.4 CVSS, 8.9 AI score, 0.02944 EPSS
Exploits 1, References 1