Use After Free

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

Use After Free

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

Use After Free

Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

GHSA-3J4X-RWRX-XXJ9 mageMagick has a possible use-after-free write in its PDB decoder

A use-after-free vulnerability exists in the PDB decoder that will use a stale pointer when a memory allocation fails and that could result in a crash or a single zero byte write. ==4033155==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 pc 0x5589c1971b24 bp...

Use After Free

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

Security update for libjxl

This update for libjxl fixes the following issues: CVE-2025-12474: a specially crafted file can cause the decoder to read pixel data from uninitialized allocated memory bsc1258090. CVE-2026-1837: a specially crafted file can cause the decoder to write pixel data to uninitialized unallocated memor...

SUSE-SU-2026:0648-1 Security update for libjxl

This update for libjxl fixes the following issues: - CVE-2025-12474: a specially crafted file can cause the decoder to read pixel data from uninitialized allocated memory bsc1258090. - CVE-2026-1837: a specially crafted file can cause the decoder to write pixel data to uninitialized unallocated...

SUSE CVE-2026-25897

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. Versio...

SUSE CVE-2026-25987

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory...

gstreamer1 -- multiple vulnerabilities

The GStreamer project reports multiple security vulnerabilities fixed in the 1.28.1 release: Twelve security vulnerabilities were addressed, including: Out-of-bounds reads and writes in the H.266 video parser, WAV parser, MP4 and ASF demuxers, and DVB subtitle decoder. Integer overflows in the RI...

Gitlab -- vulnerabilities

Gitlab reports: Cross-site Scripting issue in Mermaid sandbox impacts GitLab CE/EE Denial of Service issue in container registry impacts GitLab CE/EE Denial of Service issue in Jira events endpoint impacts GitLab CE/EE Regular Expression Denial of Service issue in GitLab merge requests impacts...

GHSA-7355-PWX2-PM84 ImageMagick: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder

A crafted SVG file can cause a denial of service. An off-by-one boundary check instead of = that allows bypass the guard and reach an undefined sizet cast...

ImageMagick: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder

A crafted SVG file can cause a denial of service. An off-by-one boundary check instead of = that allows bypass the guard and reach an undefined sizet cast...

ImageMagick has a heap buffer over-read in its MAP image decoder

A heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. ================================================================= ==4070926==ERROR: AddressSanitizer:...

ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder

A crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate 674 GB of memory, leading to an out-of-memory abort. Found via AFL++ fuzzing with afl-clang-lto instrumentation and AddressSanitizer...

GHSA-V7G2-M8C5-MF84 ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder

A crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate 674 GB of memory, leading to an out-of-memory abort. Found via AFL++ fuzzing with afl-clang-lto instrumentation and AddressSanitizer...

ImageMagick: Heap overflow in sun decoder on 32-bit systems may result in out of bounds write

An Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. ================================================================= ==1967675==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf190b50...

GHSA-6J5F-24FW-PQP4 ImageMagick: Heap overflow in sun decoder on 32-bit systems may result in out of bounds write

An Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. ================================================================= ==1967675==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf190b50...

CVE-2026-25987

A flaw was found in ImageMagick. A remote attacker could exploit a heap buffer over-read vulnerability in the MAP image decoder by providing a specially crafted MAP file. This could lead to the application crashing, resulting in a denial of service, or unintended memory disclosure during image...

CVE-2026-25970

A flaw was found in ImageMagick. A remote attacker can exploit a signed integer overflow vulnerability in the SIXEL decoder by providing a maliciously crafted SIXEL image file. This vulnerability occurs during buffer reallocation operations and can lead to memory corruption and a denial of servic...