-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 12 Apr 2026 21:57:53 +0200
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc imagemagick-common
 imagemagick-doc libimage-magick-perl libmagick++-6-headers libmagick++-dev
 libmagickcore-6-headers libmagickcore-dev libmagickwand-6-headers
 libmagickwand-dev perlmagick
Architecture: all
Version: 8:6.9.11.60+dfsg-1.6+deb12u8
Distribution: bookworm-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02)
Changed-By: Bastien Roucariès
Description:
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-common - image manipulation programs -- infrastructure dummy package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Changes:
 imagemagick (8:6.9.11.60+dfsg-1.6+deb12u8) bookworm-security; urgency=high
 .
   * Fix a regression for CVE-2026-25796
   * Fix CVE-2026-25985: A crafted SVG file containing a malicious element
     causes ImageMagick to attempt to allocate ~674 GB of memory, leading to
     an out-of-memory abort.
   * Fix CVE-2026-26284: ImageMagick lacks proper boundary checking when
     processing Huffman-coded data from PCD (Photo CD) files. The decoder
     contains a function that has an incorrect initialization that could
     cause an out of bounds read.
   * Fix CVE-2026-26983: The MSL interpreter crashes when processing an
     invalid `` element that causes it to use an image after it has been
     freed.
   * Fix CVE-2026-28494: A stack buffer overflow exists in ImageMagick's
     morphology kernel parsing functions. User-controlled kernel strings
     exceeding a buffer are copied into fixed-size stack buffers via memcpy
     without bounds checking, resulting in stack corruption.
   * Fix CVE-2026-28686: A heap-buffer-overflow vulnerability exists in the
     PCL encode due to an undersized output buffer allocation.
   * Fix CVE-2026-28687: A heap use-after-free vulnerability in ImageMagick's
     MSL decoder allows an attacker to trigger access to freed memory by
     crafting an MSL file
   * Fix CVE-2026-28688: A heap-use-after-free vulnerability exists in the
     MSL encoder, where a cloned image is destroyed twice. The MSL coder does
     not support writing MSL so the write capability has been removed
   * Fix CVE-2026-28689: domain="path" authorization is checked before final
     file open/use. A symlink swap between check-time and use-time bypasses
     policy-denied read/write
   * Fix CVE-2026-28690: A stack buffer overflow vulnerability exists in the
     MNG encoder. There is a bounds check missing that could corrupt the
     stack with attacker-controlled data.
   * Fix CVE-2026-28691: An uninitialized pointer dereference vulnerability
     exists in the JBIG decoder due to a missing check.
   * Fix CVE-2026-28692: MAT decoder uses 32-bit arithmetic due to incorrect
     parenthesization resulting in a heap over-read.
   * Fix CVE-2026-28693: An integer overflow in DIB coder can result in out
     of bounds read or write.
   * Fix CVE-2026-30883: An extremely large image profile could result in a
     heap overflow when encoding a PNG image
   * Fix CVE-2026-30936: A crafted image could cause an out of bounds heap
     write inside the WaveletDenoiseImage method. When processing a crafted
     image with the -wavelet-denoise operation an out of bounds write can
     occur.
   * Fix CVE-2026-30937: A 32-bit unsigned integer overflow in the XWD
     (X Windows) encoder can cause an undersized heap buffer allocation.
     When writing an extremely large image an out of bounds heap write can
     occur.
   * Fix CVE-2026-31853: An overflow on 32-bit systems can cause a crash in
     the SFW decoder when processing extremely large images.
   * Fix CVE-2026-32259: When a memory allocation fails in the sixel encoder
     it would be possible to write past the end of a buffer on the stack.
   * Fix CVE-2026-32636: The NewXMLTree method contains a bug that could
     result in a crash due to an out of bounds write of a single zero byte
   * Fix CVE-2026-33535: An out-of-bounds write of a zero byte exists in the
     X11 `display` interaction path that could lead to a crash.
   * Fix CVE-2026-33536: Due to an incorrect return value on certain
     platforms a pointer is incremented past the end of a buffer that is on
     the stack and that could result in an out of bounds write
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----