Format: 1.8
Date: Sun, 12 Apr 2026 21:57:53 +0200
Source: imagemagick
Architecture: source
Version: 8:6.9.11.60+dfsg-1.6+deb12u8
Distribution: bookworm-security
Urgency: high
Maintainer: ImageMagick Packaging Team
Changed-By: Bastien Roucariès
Changes:
 imagemagick (8:6.9.11.60+dfsg-1.6+deb12u8) bookworm-security; urgency=high
 .
   * Fix a regression for CVE-2026-25796
   * Fix CVE-2026-25985: A crafted SVG file containing a malicious element
     causes ImageMagick to attempt to allocate ~674 GB of memory, leading to
     an out-of-memory abort.
   * Fix CVE-2026-26284: ImageMagick lacks proper boundary checking when
     processing Huffman-coded data from PCD (Photo CD) files. The decoder
     contains a function that has an incorrect initialization that could
     cause an out-of-bounds read.
   * Fix CVE-2026-26983: The MSL interpreter crashes when processing an
     invalid `` element that causes it to use an image after it has been
     freed.
   * Fix CVE-2026-28494: A stack buffer overflow exists in ImageMagick's
     morphology kernel parsing functions. User-controlled kernel strings
     exceeding a buffer are copied into fixed-size stack buffers via memcpy
     without bounds checking, resulting in stack corruption.
   * Fix CVE-2026-28686: A heap-buffer-overflow vulnerability exists in the
     PCL encoder due to an undersized output buffer allocation.
   * Fix CVE-2026-28687: A heap use-after-free vulnerability in ImageMagick's
     MSL decoder allows an attacker to trigger access to freed memory by
     crafting an MSL file.
   * Fix CVE-2026-28688: A heap-use-after-free vulnerability exists in the
     MSL encoder, where a cloned image is destroyed twice. The MSL coder does
     not support writing MSL, so the write capability has been removed.
   * Fix CVE-2026-28689: domain="path" authorization is checked before the
     final file open/use. A symlink swap between check-time and use-time
     bypasses policy-denied read/write.
   * Fix CVE-2026-28690: A stack buffer overflow vulnerability exists in the
     MNG encoder. There is a bounds check missing that could corrupt the
     stack with attacker-controlled data.
   * Fix CVE-2026-28691: An uninitialized pointer dereference vulnerability
     exists in the JBIG decoder due to a missing check.
   * Fix CVE-2026-28692: The MAT decoder uses 32-bit arithmetic due to
     incorrect parenthesization, resulting in a heap over-read.
   * Fix CVE-2026-28693: An integer overflow in the DIB coder can result in
     an out-of-bounds read or write.
   * Fix CVE-2026-30883: An extremely large image profile could result in a
     heap overflow when encoding a PNG image.
   * Fix CVE-2026-30936: A crafted image could cause an out-of-bounds heap
     write inside the WaveletDenoiseImage method. When processing a crafted
     image with the -wavelet-denoise operation, an out-of-bounds write can
     occur.
   * Fix CVE-2026-30937: A 32-bit unsigned integer overflow in the XWD
     (X Windows) encoder can cause an undersized heap buffer allocation.
     When writing an extremely large image, an out-of-bounds heap write can
     occur.
   * Fix CVE-2026-31853: An overflow on 32-bit systems can cause a crash in
     the SFW decoder when processing extremely large images.
   * Fix CVE-2026-32259: When a memory allocation fails in the sixel encoder,
     it would be possible to write past the end of a buffer on the stack.
   * Fix CVE-2026-32636: The NewXMLTree method contains a bug that could
     result in a crash due to an out-of-bounds write of a single zero byte.
   * Fix CVE-2026-33535: An out-of-bounds write of a zero byte exists in the
     X11 `display` interaction path that could lead to a crash.
   * Fix CVE-2026-33536: Due to an incorrect return value on certain
     platforms, a pointer is incremented past the end of a buffer that is on
     the stack, which could result in an out-of-bounds write.
Files:
 82da4869f369a4ebe1a73ce17b3eabd8 5105 graphics optional imagemagick_6.9.11.60+dfsg-1.6+deb12u8.dsc
 8b8f7b82bd1299cf30aa3c488c46a3cd 9395144 graphics optional imagemagick_6.9.11.60+dfsg.orig.tar.xz
 1b34ad7c7c15099a4c948cb9893bffb3 320480 graphics optional imagemagick_6.9.11.60+dfsg-1.6+deb12u8.debian.tar.xz
 7c9ab43c1537a2bb8f10592e5a62cb05 8485 graphics optional imagemagick_6.9.11.60+dfsg-1.6+deb12u8_source.buildinfo