Format: 1.8
Date: Sun, 21 Jun 2026 15:40:05 +0200
Source: imagemagick
Architecture: source
Version: 8:6.9.11.60+dfsg-1.6+deb12u11
Distribution: bookworm-security
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1140176
Changes:
 imagemagick (8:6.9.11.60+dfsg-1.6+deb12u11) bookworm-security; urgency=high
 .
   * Fix CVE-2026-48733: An infinite loop in the subimage-search operation
     can happen when using a crafted image.
   * Fix CVE-2026-48734: A crafted MVG file could result in a stack overflow
     due to a missing depth or visited-set check.
   * Fix CVE-2026-48994: A missing check of a return value could lead to a
     heap buffer over-write in the MAT decoder on 32-bit systems.
   * Fix CVE-2026-49218: A missing check in the DCM decoder could result in
     an image with invalid dimensions and that could cause crashes in other
     operations.
   * Fix CVE-2026-53460: A missing check for maximum memory request in
     AcquireAlignedMemory could trigger an out-of-memory condition.
   * Fix CVE-2026-53463: When passing incorrect arguments in the distort
     operation a null pointer dereference will occur.
   * Fix default policy.xml HTTP/HTTPS/URL delegate rules are no-ops
     (Closes: #1140176)