-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Apr 2026 16:58:20 +0200
Source: imagemagick
Architecture: source
Version: 8:6.9.11.60+dfsg-1.3+deb11u11
Distribution: bullseye-security
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
 imagemagick (8:6.9.11.60+dfsg-1.3+deb11u11) bullseye-security; urgency=medium
 .
   * Fix CVE-2026-25971: Magick fails to check for circular references between
     two MSLs, leading to a stack overflow.
   * Fix CVE-2026-25985: A crafted SVG file containing a malicious element causes
     ImageMagick to attempt to allocate ~674 GB of memory, leading to an
     out-of-memory abort.
   * Fix CVE-2026-26284: ImageMagick lacks proper boundary checking when
     processing Huffman-coded data from PCD (Photo CD) files. The decoder
     contains a function that has an incorrect initialization that could cause
     an out of bounds read.
   * Fix CVE-2026-26983: The MSL interpreter crashes when processing an invalid
     `<map>` element that causes it to use an image after it has been freed.
   * Fix CVE-2026-28494: A stack buffer overflow exists in ImageMagick's
     morphology kernel parsing functions. User-controlled kernel strings
     exceeding a buffer are copied into fixed-size stack buffers via memcpy
     without bounds checking, resulting in stack corruption.
   * Fix CVE-2026-28686: A heap-buffer-overflow vulnerability exists in the PCL
     encoder due to an undersized output buffer allocation.
   * Fix CVE-2026-28687: A heap use-after-free vulnerability in ImageMagick's
     MSL decoder allows an attacker to trigger access to freed memory by
     crafting an MSL file.
   * Fix CVE-2026-28688: A heap-use-after-free vulnerability exists in the MSL
     encoder, where a cloned image is destroyed twice. The MSL coder does not
     support writing MSL, so the write capability has been removed.
   * Fix CVE-2026-28689: domain="path" authorization is checked before final
     file open/use. A symlink swap between check-time and use-time bypasses
     policy-denied read/write.
   * Fix CVE-2026-28690: A stack buffer overflow vulnerability exists in the MNG
     encoder. There is a bounds check missing that could corrupt the stack with
     attacker-controlled data.
   * Fix CVE-2026-28691: An uninitialized pointer dereference vulnerability
     exists in the JBIG decoder due to a missing check.
   * Fix CVE-2026-28692: MAT decoder uses 32-bit arithmetic due to incorrect
     parenthesization, resulting in a heap over-read.
   * Fix CVE-2026-28693: An integer overflow in the DIB coder can result in an
     out of bounds read or write.
   * Fix CVE-2026-30883: An extremely large image profile could result in a
     heap overflow when encoding a PNG image.
   * Fix CVE-2026-30936: A crafted image could cause an out of bounds heap
     write inside the WaveletDenoiseImage method. When processing a crafted
     image with the -wavelet-denoise operation an out of bounds write can
     occur.
   * Fix CVE-2026-30937: A 32-bit unsigned integer overflow in the XWD
     (X Windows) encoder can cause an undersized heap buffer allocation. When
     writing an extremely large image an out of bounds heap write can occur.
   * Fix CVE-2026-31853: An overflow on 32-bit systems can cause a crash in the
     SFW decoder when processing extremely large images.
   * Fix CVE-2026-32259: When a memory allocation fails in the sixel encoder it
     would be possible to write past the end of a buffer on the stack.
   * Fix CVE-2026-32636: The NewXMLTree method contains a bug that could result
     in a crash due to an out of bounds write of a single zero byte.
   * Fix CVE-2026-33535: An out-of-bounds write of a zero byte exists in the
     X11 `display` interaction path that could lead to a crash.
   * Fix CVE-2026-33536: Due to an incorrect return value on certain platforms
     a pointer is incremented past the end of a buffer that is on the stack,
     which could result in an out of bounds write.
Checksums-Sha1:
 d3fcaf3a1eb2c833e9919899abbe42480da8452d 5109 imagemagick_6.9.11.60+dfsg-1.3+deb11u11.dsc
 824a63dce5e54bd8b78077d671d8ab06300a8848 9395144 imagemagick_6.9.11.60+dfsg.orig.tar.xz
 f949dabfe2612b17030a78faa2a3132d7b202961 322120 imagemagick_6.9.11.60+dfsg-1.3+deb11u11.debian.tar.xz
 b3abe739f8929626bd60cf44be907828bec654ad 8489 imagemagick_6.9.11.60+dfsg-1.3+deb11u11_source.buildinfo
Checksums-Sha256:
 2f48fc8a93f8ee1a5f25fdf0fce2fdb149856159edb11acbb7ee4b85973060bc 5109 imagemagick_6.9.11.60+dfsg-1.3+deb11u11.dsc
 472fb516df842ee9c819ed80099c188463b9e961303511c36ae24d0eaa8959c4 9395144 imagemagick_6.9.11.60+dfsg.orig.tar.xz
 6963e2be0335fdaf1912f9afdef901d9a5d8c5dcc38b28e1865d1787f62a441c 322120 imagemagick_6.9.11.60+dfsg-1.3+deb11u11.debian.tar.xz
 e1ffc77d8d11dad393d70388b3b9b28f3d770b295c649056a6198000cace6399 8489 imagemagick_6.9.11.60+dfsg-1.3+deb11u11_source.buildinfo
Files:
 9f348716a902427411fd008ea558ba12 5109 graphics optional imagemagick_6.9.11.60+dfsg-1.3+deb11u11.dsc
 8b8f7b82bd1299cf30aa3c488c46a3cd 9395144 graphics optional imagemagick_6.9.11.60+dfsg.orig.tar.xz
 36c753f60cee991308fea2f75f525cac 322120 graphics optional imagemagick_6.9.11.60+dfsg-1.3+deb11u11.debian.tar.xz
 d4ff776cff9b0fff8de7b509d15a11fa 8489 graphics optional imagemagick_6.9.11.60+dfsg-1.3+deb11u11_source.buildinfo