-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 21 Jun 2026 22:28:53 +0200 Source: imagemagick Architecture: source Version: 8:6.9.11.60+dfsg-1.3+deb11u14 Distribution: bullseye-security Urgency: high Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org> Changed-By: Bastien Roucariès <rouca@debian.org> Closes: 1140176 Changes: imagemagick (8:6.9.11.60+dfsg-1.3+deb11u14) bullseye-security; urgency=high . * Fix CVE-2026-48733: An infinite loop in the subimage-search operation can happen when using a crafted image. * Fix CVE-2026-48734: A crafted MVG file could result in a stack overflow due to a missing depth or visited-set check * Fix CVE-2026-48994: A missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. * Fix CVE-2026-49218: A missing check in the DCM decoder could result in an image with invalid dimensions and that could cause crashes in other operation. * Fix CVE-2026-53460: A missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-Memory condition. * Fix CVE-2026-53463: When passing incorrect arguments in the distort operation a null pointer deference will occur. * Fix default policy.xml HTTP/HTTPS/URL delegate rules are no-ops (Closes: #1140176) Checksums-Sha1: f5ad7b7e809bc9f861cd89f4fb4e0f267e19b40b 5134 imagemagick_6.9.11.60+dfsg-1.3+deb11u14.dsc 824a63dce5e54bd8b78077d671d8ab06300a8848 9395144 imagemagick_6.9.11.60+dfsg.orig.tar.xz 7499393f32a918457d59e86cd29e8b290192d390 338144 imagemagick_6.9.11.60+dfsg-1.3+deb11u14.debian.tar.xz 5b9df29cfe715178100bdafeb3876a1f13bf54df 8516 imagemagick_6.9.11.60+dfsg-1.3+deb11u14_source.buildinfo Checksums-Sha256: 08479fe61ed510f9492004f3ef6ab5cb29f823929f7cdbf56c66e7b4516ba52b 5134 imagemagick_6.9.11.60+dfsg-1.3+deb11u14.dsc 472fb516df842ee9c819ed80099c188463b9e961303511c36ae24d0eaa8959c4 9395144 imagemagick_6.9.11.60+dfsg.orig.tar.xz 611a51f5b66a1f70d3982b78a00c16aa78455746eee33562c6b20a9f1e56440d 338144 imagemagick_6.9.11.60+dfsg-1.3+deb11u14.debian.tar.xz 54058a50cabc8a508f3adbed91ba23d6231b9ce2b2fc49019ca2d2ffdb3743c1 8516 imagemagick_6.9.11.60+dfsg-1.3+deb11u14_source.buildinfo Files: ae3947517f2d38c381c97fe92bf651c5 5134 graphics optional imagemagick_6.9.11.60+dfsg-1.3+deb11u14.dsc 8b8f7b82bd1299cf30aa3c488c46a3cd 9395144 graphics optional imagemagick_6.9.11.60+dfsg.orig.tar.xz 6a4feb43988805c5469048f759f68334 338144 graphics optional imagemagick_6.9.11.60+dfsg-1.3+deb11u14.debian.tar.xz 3dbfb0ec306196e136d0b7041be90f4e 8516 graphics optional imagemagick_6.9.11.60+dfsg-1.3+deb11u14_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmo6t6MACgkQADoaLapB CF/Knw//eRdoEjMxP0EePWKYHcU7S09Zt5RmXYpCEUwn/xVoretUkyNYTtQ/C1GH MkfNvTEO/ukVhk6hwR+BVjjVdO6YQtbMPpcN28vYVtC/Npy2WsmFNVNTnT8QcS71 EZ6EwO0OTjIMD8D6DR5VWSAcPkKqqh3KnlgQAXqnt06fiyw2O3SknX6HALYQSTFU frjccF6puygKp56AUAJczc/1U6Xfdw7Ol8L9nfBP0uS7pYvDQcRajBHxu8hLySyd LsHJrvM9Tr90emw5Zg2d+jVWm9aO2rx/FjmzlnL9/PJnNIiUPHbLXHHU47zKmBPi 9y/stRd6NEwjNPbAjfoZ9uOAetpbvYIJ9+LXRLUGSunRvMYu2bNVu/HYGdT8GXOX VpRBYaRhM9PAfJYOyFgNKjM0ZlS23WlMR5ogR2+eu/LGADCWR0E1ZILHmdw6uypz ZfLlTvcrnNfir7ETD9x9bPyO27UkWKmvFjTB62eBgJIHEZJjhTYvztH78WUFAJDv x5SXYmrIWFh403u5l9x3zH6illKZs52n5ucgxnJ+fGxCoDLsKe3qcDsaCgNi2LzF Y8U6S/gcAO5DaFQILye7YDKEXcT4EIqDQ3FPLTcnESRwdOoWYihs/9MvEh9WrFDO ueN7xdTnieXMuavHAvpYOlGwcnC6URg+ro/QNmaicDMe2BzJgQ0= =oX6V -----END PGP SIGNATURE-----
