imagemagick - Debian Package Tracker

general

source: imagemagick (main)
version: 8:7.1.2.8+dfsg1-1
maintainer: ImageMagick Packaging Team (archive) (DMD)
uploaders: Bastien Roucariès [DMD]
arch: all any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 8:6.9.11.60+dfsg-1.3+deb11u4
o-o-sec: 8:6.9.11.60+dfsg-1.3+deb11u7
o-o-p-u: 8:6.9.11.60+dfsg-1.3+deb11u4
oldstable: 8:6.9.11.60+dfsg-1.6+deb12u3
old-sec: 8:6.9.11.60+dfsg-1.6+deb12u4
old-p-u: 8:6.9.11.60+dfsg-1.6+deb12u4
stable: 8:7.1.1.43+dfsg1-1+deb13u1
stable-sec: 8:7.1.1.43+dfsg1-1+deb13u2
stable-p-u: 8:7.1.1.43+dfsg1-1+deb13u3
testing: 8:7.1.2.3+dfsg1-1
unstable: 8:7.1.2.8+dfsg1-1

versioned links

8:6.9.11.60+dfsg-1.3+deb11u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8:6.9.11.60+dfsg-1.3+deb11u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8:6.9.11.60+dfsg-1.6+deb12u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8:6.9.11.60+dfsg-1.6+deb12u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8:7.1.1.43+dfsg1-1+deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8:7.1.1.43+dfsg1-1+deb13u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8:7.1.1.43+dfsg1-1+deb13u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8:7.1.2.3+dfsg1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8:7.1.2.8+dfsg1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

imagemagick (58 bugs: 0, 33, 25, 0)
imagemagick-7-common
imagemagick-7-doc
imagemagick-7.q16 (5 bugs: 0, 2, 3, 0)
imagemagick-7.q16hdri
libimage-magick-perl (2 bugs: 0, 1, 1, 0)
libimage-magick-q16-perl
libimage-magick-q16hdri-perl
libmagick++-7-headers
libmagick++-7.q16-5
libmagick++-7.q16-dev
libmagick++-7.q16hdri-5
libmagick++-7.q16hdri-dev (1 bugs: 0, 1, 0, 0)
libmagick++-dev
libmagickcore-7-arch-config
libmagickcore-7-headers
libmagickcore-7.q16-10 (1 bugs: 0, 1, 0, 0)
libmagickcore-7.q16-10-extra
libmagickcore-7.q16-dev
libmagickcore-7.q16hdri-10
libmagickcore-7.q16hdri-10-extra
libmagickcore-7.q16hdri-dev
libmagickcore-dev
libmagickwand-7-headers
libmagickwand-7.q16-10
libmagickwand-7.q16-dev
libmagickwand-7.q16hdri-10
libmagickwand-7.q16hdri-dev
libmagickwand-dev
perlmagick

action needed

lintian reports 79 errors and 17 warnings high

Lintian reports 79 errors and 17 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-10-29 Last update: 2025-10-31 00:31

debian/patches: 9 patches with invalid metadata, 8 patches to forward upstream high

Among the 35 debian patches available in version 8:7.1.2.8+dfsg1-1 of the package, we noticed the following issues:

9 patches with invalid metadata that ought to be fixed.
8 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-10-29 14:01

2 security issues in forky high

There are 2 open security issues in forky.

2 important issues:

CVE-2025-62171: ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wrap to zero. The overflow check added to address CVE-2025-57803 is placed after the overflow occurs, making it ineffective. A specially crafted 58-byte BMP file with width set to 536,870,912 and 32 bits per pixel can trigger this overflow, causing the bytes_per_line calculation to become zero. This vulnerability only affects 32-bit builds of ImageMagick where default resource limits for width, height, and area have been manually increased beyond their defaults. 64-bit systems with size_t of 8 bytes are not vulnerable, and systems using default ImageMagick resource limits are not vulnerable. The vulnerability is fixed in versions 7.1.2-7 and 6.9.13-32.
CVE-2025-62594: ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow occurs in pointer arithmetic, leading to out-of-bounds memory access, and division-by-zero causes immediate crashes. This issue has been patched in version 7.1.2-8.

Created: 2025-10-17 Last update: 2025-10-29 12:31

Depends on packages which need a new maintainer normal

The packages that imagemagick depends on which need a new maintainer are:

html2ps (#759016)
- Suggests: html2ps html2ps

Created: 2019-11-22 Last update: 2025-11-03 04:32

1 bug tagged help in the BTS normal

The BTS contains 1 bug tagged help, please consider helping the maintainer in dealing with it.

Created: 2019-03-21 Last update: 2025-11-03 04:30

12 bugs tagged patch in the BTS normal

The BTS contains patches fixing 12 bugs (13 if counting merged bugs), consider including or untagging them.

Created: 2025-01-06 Last update: 2025-11-03 04:30

12 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 1bad46daa22212aa178e5df3510b6eb76a10f7b8
Author: Bastien Roucariès <rouca@debian.org>
Date:   Tue Oct 28 17:07:04 2025 +0100

    Refresh patches

commit 520d3abdff8d92243f145d13361d730828e98e6d
Author: Bastien Roucariès <rouca@debian.org>
Date:   Tue Oct 28 17:06:26 2025 +0100

    Update changelog

commit 390fb315e32c79a5dd6fc7fbb6c1b5dabd9a36a2
Merge: a0ef81abec f50a4571c5
Author: Bastien Roucariès <rouca@debian.org>
Date:   Tue Oct 28 16:07:23 2025 +0100

    Update upstream source from tag 'upstream/7.1.2.8+dfsg1'
    
    Update to upstream version '7.1.2.8+dfsg1'
    with Debian dir 7103002db102134f2d0792e40b149cf81d8d8ab5

commit f50a4571c55dd5eb7fe1b04256088e5830f1f5db
Merge: ef30f27ad9 928d4eac4a
Author: Bastien Roucariès <rouca@debian.org>
Date:   Tue Oct 28 16:07:23 2025 +0100

    New upstream version 7.1.2.8+dfsg1

commit 928d4eac4aac2e7ef4c0f5aac7b5bf29c78e7429
Author: Bastien Roucariès <rouca@debian.org>
Date:   Tue Oct 28 15:29:57 2025 +0100

    Add dfsg

commit a3b13d143fd7dea44cd71d31aa02f411b597688f
Author: Cristy <urban-warrior@imagemagick.org>
Date:   Sun Oct 26 07:53:09 2025 -0400

    release

commit 2300ae543abb9ee0783fe783438f4a7a9e696fd5
Author: Cristy <urban-warrior@imagemagick.org>
Date:   Sat Oct 25 19:54:18 2025 -0400

    https://github.com/ImageMagick/ImageMagick6/pull/343#issuecomment-3438433150

commit 30bafbfae05a9c0a5fe4b9251210f947c3c876f2
Author: Dirk Lemstra <dirk@lemstra.org>
Date:   Sat Oct 25 14:26:10 2025 +0200

    Updated the Windows dependencies.

commit 336f2b8dbeda00b269cd40b61abfd207eac229f3
Author: Dirk Lemstra <dirk@lemstra.org>
Date:   Mon Oct 20 20:15:07 2025 +0200

    Also install squashfs-tools for the AppImage build.

commit 8547a24f1b3bf4802592c77b97b969e2ee54f634
Author: Cristy <urban-warrior@imagemagick.org>
Date:   Sat Oct 18 11:07:07 2025 -0400

    https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g5vw-p55v-8742

commit 7b47fe369eda90483402fcd3d78fa4167d3bb129
Author: Cristy <urban-warrior@imagemagick.org>
Date:   Sat Oct 18 10:54:39 2025 -0400

    https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wpp4-vqfq-v4hp

commit d56b6afca237907a351681bf8cd7929e24ec91aa
Author: Cristy <urban-warrior@imagemagick.org>
Date:   Tue Oct 14 19:51:59 2025 -0400

    beta release

Created: 2025-10-28 Last update: 2025-10-29 10:01

1 open merge request in Salsa normal

There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-09-24 Last update: 2025-09-24 05:32

AppStream hints: 2 warnings for imagemagick-7.q16hdri,imagemagick-7.q16 normal

AppStream found metadata issues for packages:

imagemagick-7.q16: 1 warning
imagemagick-7.q16hdri: 1 warning

You should get rid of them to provide more metadata about this software.

Created: 2020-06-01 Last update: 2024-12-29 23:00

RFH: The maintainer is looking for help with this package. normal

The current maintainer is looking for someone who can help with the maintenance of this package. If you are interested in this package, please consider helping out. One way you can help is offer to be a co-maintainer or triage bugs in the BTS. Please see bug number #1017366 for more information.

Created: 2022-08-15 Last update: 2022-08-15 02:06

2 low-priority security issues in trixie low

There are 2 open security issues in trixie.

2 issues left for the package maintainer to handle:

CVE-2025-62171: (needs triaging) ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wrap to zero. The overflow check added to address CVE-2025-57803 is placed after the overflow occurs, making it ineffective. A specially crafted 58-byte BMP file with width set to 536,870,912 and 32 bits per pixel can trigger this overflow, causing the bytes_per_line calculation to become zero. This vulnerability only affects 32-bit builds of ImageMagick where default resource limits for width, height, and area have been manually increased beyond their defaults. 64-bit systems with size_t of 8 bytes are not vulnerable, and systems using default ImageMagick resource limits are not vulnerable. The vulnerability is fixed in versions 7.1.2-7 and 6.9.13-32.
CVE-2025-62594: (needs triaging) ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow occurs in pointer arithmetic, leading to out-of-bounds memory access, and division-by-zero causes immediate crashes. This issue has been patched in version 7.1.2-8.

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-10-17 Last update: 2025-10-29 12:31

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-10-29 12:19

testing migrations

excuses:
- Migration status for imagemagick (8:7.1.2.3+dfsg1-1 to 8:7.1.2.8+dfsg1-1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Autopkgtest for cmake/4.1.1+really3.31.6-2: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Test triggered (failure will be ignored), riscv64: Test triggered (failure will be ignored), s390x: Pass
- ∙ ∙ Autopkgtest for diffoscope/306: amd64: Pass ♻ (reference ♻), arm64: Pass ♻ (reference ♻), i386: Pass ♻, ppc64el: Pass ♻, riscv64: Pass ♻, s390x: Pass ♻
- ∙ ∙ Autopkgtest for gscan2pdf/2.13.4-4: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻), ppc64el: Regression ♻ (reference ♻), riscv64: Regression ♻ (reference ♻), s390x: Regression ♻ (reference ♻)
- ∙ ∙ Autopkgtest for imagemagick/8:7.1.2.8+dfsg1-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Autopkgtest for img2pdf/0.6.1-1: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻), ppc64el: Regression ♻ (reference ♻), riscv64: Regression ♻ (reference ♻), s390x: Regression ♻ (reference ♻)
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/i/imagemagick.html
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ 5 days old (needed 5 days)
- Not considered

news

[rss feed]

[2025-11-02] Accepted imagemagick 8:7.1.1.43+dfsg1-1+deb13u3 (source) into proposed-updates (Debian FTP Masters) (signed by: Bastien ROUCARIÈS)
[2025-10-28] Accepted imagemagick 8:7.1.2.8+dfsg1-1 (source) into unstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2025-10-19] Accepted imagemagick 8:6.9.11.60+dfsg-1.3+deb11u7 (source) into oldoldstable-security (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2025-10-18] Accepted imagemagick 8:7.1.2.7+dfsg1-1 (source) into unstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2025-09-15] Accepted imagemagick 8:6.9.11.60+dfsg-1.6+deb12u4 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Bastien ROUCARIÈS)
[2025-09-12] Accepted imagemagick 8:7.1.1.43+dfsg1-1+deb13u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Bastien ROUCARIÈS)
[2025-09-11] Accepted imagemagick 8:7.1.1.43+dfsg1-1+deb13u2 (source) into stable-security (Debian FTP Masters) (signed by: Bastien ROUCARIÈS)
[2025-09-11] Accepted imagemagick 8:6.9.11.60+dfsg-1.6+deb12u4 (source) into oldstable-security (Debian FTP Masters) (signed by: Bastien ROUCARIÈS)
[2025-09-10] Accepted imagemagick 8:6.9.11.60+dfsg-1.3+deb11u6 (source) into oldoldstable-security (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2025-09-08] imagemagick 8:7.1.2.3+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2025-09-06] Accepted imagemagick 8:7.1.2.3+dfsg1-1 (source) into unstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2025-08-31] imagemagick 8:7.1.1.43+dfsg1-1+deb13u1 MIGRATED to testing (Debian testing watch)
[2025-08-19] Accepted imagemagick 8:7.1.2.1+dfsg1-1 (source) into unstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2025-07-18] Accepted imagemagick 8:7.1.1.43+dfsg1-1+deb13u1 (source) into testing-proposed-updates (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2025-07-16] Accepted imagemagick 8:7.1.1.47+dfsg1-2 (source) into unstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2025-05-03] Accepted imagemagick 8:6.9.11.60+dfsg-1.6+deb12u3 (source) into proposed-updates (Debian FTP Masters) (signed by: Adrian Bunk)
[2025-04-26] Accepted imagemagick 8:6.9.11.60+dfsg-1.3+deb11u5 (source) into oldstable-security (Adrian Bunk)
[2025-04-10] Accepted imagemagick 8:7.1.1.47+dfsg1-1 (source) into unstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2025-03-30] Accepted imagemagick 8:7.1.1.46+dfsg1-1 (source) into unstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2025-01-08] imagemagick 8:7.1.1.43+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2024-12-29] Accepted imagemagick 8:7.1.1.43+dfsg1-1 (source) into unstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2024-12-02] imagemagick 8:7.1.1.39+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2024-11-24] Accepted imagemagick 8:7.1.1.39+dfsg1-3 (source) into unstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2024-11-04] Accepted imagemagick 8:7.1.1.39+dfsg1-2 (source) into unstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2024-10-28] Accepted imagemagick 8:7.1.1.39+dfsg1-1 (source) into unstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2024-08-22] Accepted imagemagick 8:7.1.1.33+dfsg1-2 (source) into experimental (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2024-08-21] Accepted imagemagick 8:6.9.11.60+dfsg-1.6+deb12u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Bastien ROUCARIÈS)
[2024-08-21] Accepted imagemagick 8:7.1.1.33+dfsg1-1 (source all amd64) into experimental (Debian FTP Masters) (signed by: Bastien ROUCARIÈS)
[2024-08-16] Accepted imagemagick 8:6.9.11.60+dfsg-1.3+deb11u4 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Bastien ROUCARIÈS)
[2024-07-04] imagemagick 8:6.9.13.12+dfsg1-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 129 132
RC: 0
I&N: 80 81
M&W: 48 50
F&P: 1
patch: 12 13
help: 1
NC: 1

links

homepage
lintian (79, 17)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 8:7.1.2.3+dfsg1-1
100 bugs (1 patch)