Debian Package Tracker
Register | Log in
Subscribe

imagemagick

image manipulation programs -- binaries

Choose email to subscribe with

general
  • source: imagemagick (main)
  • version: 8:7.1.2.13+dfsg1-1
  • maintainer: ImageMagick Packaging Team (archive) (DMD)
  • uploaders: Bastien Roucariès [DMD]
  • arch: all any
  • std-ver: 4.7.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 8:6.9.11.60+dfsg-1.3+deb11u4
  • o-o-sec: 8:6.9.11.60+dfsg-1.3+deb11u9
  • o-o-p-u: 8:6.9.11.60+dfsg-1.3+deb11u4
  • oldstable: 8:6.9.11.60+dfsg-1.6+deb12u5
  • old-sec: 8:6.9.11.60+dfsg-1.6+deb12u6
  • old-p-u: 8:6.9.11.60+dfsg-1.6+deb12u6
  • stable: 8:7.1.1.43+dfsg1-1+deb13u4
  • stable-sec: 8:7.1.1.43+dfsg1-1+deb13u5
  • stable-p-u: 8:7.1.1.43+dfsg1-1+deb13u5
  • testing: 8:7.1.2.13+dfsg1-1
  • unstable: 8:7.1.2.13+dfsg1-1
versioned links
  • 8:6.9.11.60+dfsg-1.3+deb11u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 8:6.9.11.60+dfsg-1.3+deb11u9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 8:6.9.11.60+dfsg-1.6+deb12u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 8:6.9.11.60+dfsg-1.6+deb12u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 8:7.1.1.43+dfsg1-1+deb13u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 8:7.1.1.43+dfsg1-1+deb13u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 8:7.1.2.13+dfsg1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • imagemagick (56 bugs: 0, 31, 25, 0)
  • imagemagick-7-common
  • imagemagick-7-doc (1 bugs: 0, 1, 0, 0)
  • imagemagick-7.q16 (7 bugs: 0, 4, 3, 0)
  • imagemagick-7.q16hdri
  • libimage-magick-perl (2 bugs: 0, 1, 1, 0)
  • libimage-magick-q16-perl
  • libimage-magick-q16hdri-perl
  • libmagick++-7-headers
  • libmagick++-7.q16-5
  • libmagick++-7.q16-dev
  • libmagick++-7.q16hdri-5
  • libmagick++-7.q16hdri-dev (1 bugs: 0, 1, 0, 0)
  • libmagick++-dev
  • libmagickcore-7-arch-config
  • libmagickcore-7-headers
  • libmagickcore-7.q16-10 (1 bugs: 0, 1, 0, 0)
  • libmagickcore-7.q16-10-extra
  • libmagickcore-7.q16-dev
  • libmagickcore-7.q16hdri-10
  • libmagickcore-7.q16hdri-10-extra
  • libmagickcore-7.q16hdri-dev
  • libmagickcore-dev
  • libmagickwand-7-headers
  • libmagickwand-7.q16-10
  • libmagickwand-7.q16-dev
  • libmagickwand-7.q16hdri-10
  • libmagickwand-7.q16hdri-dev
  • libmagickwand-dev
  • perlmagick
action needed
A new upstream version is available: 7.1.2-15 high
A new upstream version 7.1.2-15 is available, you should consider packaging it.
Created: 2026-02-23 Last update: 2026-03-01 08:31
34 security issues in trixie high

There are 34 open security issues in trixie.

34 important issues:
  • CVE-2026-24481: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-24484: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-24485: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25576: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larger than -size dimensions, causing out-of-bounds memory reads from a heap-allocated buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25637: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed. Version 7.1.2-15 contains a patch.
  • CVE-2026-25638: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, memory leak exists in `coders/msl.c`. In the `WriteMSLImage` function of the `msl.c` file, resources are allocated. But the function returns early without releasing these allocated resources. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25794: ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. Version 7.1.2-15 contains a patch.
  • CVE-2026-25795: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25796: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25797: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a malicous file and inject arbitrary PostScript code. When the resulting file is processed by a printer or a viewer (like Ghostscript), the injected code is interpreted and executed. The html encoder does not properly escape strings that are written to in the html document. An attacker can provide a malicious file and injection arbitrary html code. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25798: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25799: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25897: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25898: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25965: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one's policy. This will also be included in ImageMagick's more secure policies by default.
  • CVE-2026-25966: ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd:<n> pseudo-filenames (e.g., fd:0, fd:1). Prior to versions 7.1.2-15 and 6.9.13-40, this path form is not blocked by the secure policy templates, and therefore bypasses the protection goal of "no stdin/stdout." Versions 7.1.2-15 and 6.9.13-40 contain a patch by including a change to the more secure policies by default. As a workaround, add the change to one's security policy manually.
  • CVE-2026-25967: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-15 contains a patch.
  • CVE-2026-25968: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25969: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a structure. However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak. Version 7.1.2-15 contains a patch.
  • CVE-2026-25970: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25971: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25982: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/dcm.c` module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image). Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25983: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25985: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate ~674 GB of memory, leading to an out-of-memory abort. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25986: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25987: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25988: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25989: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check (`>` instead of `>=`) that allows bypass the guard and reach an undefined `(size_t)` cast. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26066: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26283: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang (Denial of Service) with a crafted image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26284: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26983: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `<map>` element that causes it to use an image after it has been freed. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-27798: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-27799: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Created: 2026-02-24 Last update: 2026-02-26 18:31
34 security issues in sid high

There are 34 open security issues in sid.

34 important issues:
  • CVE-2026-24481: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-24484: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-24485: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25576: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larger than -size dimensions, causing out-of-bounds memory reads from a heap-allocated buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25637: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed. Version 7.1.2-15 contains a patch.
  • CVE-2026-25638: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, memory leak exists in `coders/msl.c`. In the `WriteMSLImage` function of the `msl.c` file, resources are allocated. But the function returns early without releasing these allocated resources. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25794: ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. Version 7.1.2-15 contains a patch.
  • CVE-2026-25795: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25796: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25797: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a malicous file and inject arbitrary PostScript code. When the resulting file is processed by a printer or a viewer (like Ghostscript), the injected code is interpreted and executed. The html encoder does not properly escape strings that are written to in the html document. An attacker can provide a malicious file and injection arbitrary html code. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25798: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25799: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25897: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25898: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25965: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one's policy. This will also be included in ImageMagick's more secure policies by default.
  • CVE-2026-25966: ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd:<n> pseudo-filenames (e.g., fd:0, fd:1). Prior to versions 7.1.2-15 and 6.9.13-40, this path form is not blocked by the secure policy templates, and therefore bypasses the protection goal of "no stdin/stdout." Versions 7.1.2-15 and 6.9.13-40 contain a patch by including a change to the more secure policies by default. As a workaround, add the change to one's security policy manually.
  • CVE-2026-25967: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-15 contains a patch.
  • CVE-2026-25968: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25969: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a structure. However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak. Version 7.1.2-15 contains a patch.
  • CVE-2026-25970: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25971: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25982: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/dcm.c` module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image). Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25983: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25985: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate ~674 GB of memory, leading to an out-of-memory abort. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25986: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25987: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25988: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25989: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check (`>` instead of `>=`) that allows bypass the guard and reach an undefined `(size_t)` cast. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26066: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26283: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang (Denial of Service) with a crafted image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26284: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26983: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `<map>` element that causes it to use an image after it has been freed. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-27798: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-27799: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Created: 2026-02-24 Last update: 2026-02-26 18:31
34 security issues in forky high

There are 34 open security issues in forky.

34 important issues:
  • CVE-2026-24481: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-24484: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-24485: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25576: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larger than -size dimensions, causing out-of-bounds memory reads from a heap-allocated buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25637: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed. Version 7.1.2-15 contains a patch.
  • CVE-2026-25638: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, memory leak exists in `coders/msl.c`. In the `WriteMSLImage` function of the `msl.c` file, resources are allocated. But the function returns early without releasing these allocated resources. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25794: ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. Version 7.1.2-15 contains a patch.
  • CVE-2026-25795: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25796: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25797: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a malicous file and inject arbitrary PostScript code. When the resulting file is processed by a printer or a viewer (like Ghostscript), the injected code is interpreted and executed. The html encoder does not properly escape strings that are written to in the html document. An attacker can provide a malicious file and injection arbitrary html code. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25798: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25799: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25897: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25898: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25965: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one's policy. This will also be included in ImageMagick's more secure policies by default.
  • CVE-2026-25966: ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd:<n> pseudo-filenames (e.g., fd:0, fd:1). Prior to versions 7.1.2-15 and 6.9.13-40, this path form is not blocked by the secure policy templates, and therefore bypasses the protection goal of "no stdin/stdout." Versions 7.1.2-15 and 6.9.13-40 contain a patch by including a change to the more secure policies by default. As a workaround, add the change to one's security policy manually.
  • CVE-2026-25967: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-15 contains a patch.
  • CVE-2026-25968: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25969: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a structure. However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak. Version 7.1.2-15 contains a patch.
  • CVE-2026-25970: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25971: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25982: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/dcm.c` module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image). Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25983: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25985: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate ~674 GB of memory, leading to an out-of-memory abort. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25986: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25987: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25988: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25989: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check (`>` instead of `>=`) that allows bypass the guard and reach an undefined `(size_t)` cast. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26066: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26283: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang (Denial of Service) with a crafted image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26284: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26983: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `<map>` element that causes it to use an image after it has been freed. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-27798: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-27799: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Created: 2026-02-24 Last update: 2026-02-26 18:31
34 security issues in bullseye high

There are 34 open security issues in bullseye.

34 important issues:
  • CVE-2026-24481: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-24484: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-24485: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25576: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larger than -size dimensions, causing out-of-bounds memory reads from a heap-allocated buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25637: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed. Version 7.1.2-15 contains a patch.
  • CVE-2026-25638: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, memory leak exists in `coders/msl.c`. In the `WriteMSLImage` function of the `msl.c` file, resources are allocated. But the function returns early without releasing these allocated resources. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25794: ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. Version 7.1.2-15 contains a patch.
  • CVE-2026-25795: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25796: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25797: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a malicous file and inject arbitrary PostScript code. When the resulting file is processed by a printer or a viewer (like Ghostscript), the injected code is interpreted and executed. The html encoder does not properly escape strings that are written to in the html document. An attacker can provide a malicious file and injection arbitrary html code. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25798: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25799: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25897: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25898: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25965: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one's policy. This will also be included in ImageMagick's more secure policies by default.
  • CVE-2026-25966: ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd:<n> pseudo-filenames (e.g., fd:0, fd:1). Prior to versions 7.1.2-15 and 6.9.13-40, this path form is not blocked by the secure policy templates, and therefore bypasses the protection goal of "no stdin/stdout." Versions 7.1.2-15 and 6.9.13-40 contain a patch by including a change to the more secure policies by default. As a workaround, add the change to one's security policy manually.
  • CVE-2026-25967: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-15 contains a patch.
  • CVE-2026-25968: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25969: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a structure. However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak. Version 7.1.2-15 contains a patch.
  • CVE-2026-25970: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25971: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25982: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/dcm.c` module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image). Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25983: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25985: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate ~674 GB of memory, leading to an out-of-memory abort. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25986: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25987: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25988: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25989: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check (`>` instead of `>=`) that allows bypass the guard and reach an undefined `(size_t)` cast. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26066: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26283: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang (Denial of Service) with a crafted image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26284: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26983: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `<map>` element that causes it to use an image after it has been freed. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-27798: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-27799: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Created: 2026-02-24 Last update: 2026-02-26 18:31
34 security issues in bookworm high

There are 34 open security issues in bookworm.

34 important issues:
  • CVE-2026-24481: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-24484: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-24485: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25576: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larger than -size dimensions, causing out-of-bounds memory reads from a heap-allocated buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25637: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed. Version 7.1.2-15 contains a patch.
  • CVE-2026-25638: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, memory leak exists in `coders/msl.c`. In the `WriteMSLImage` function of the `msl.c` file, resources are allocated. But the function returns early without releasing these allocated resources. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25794: ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. Version 7.1.2-15 contains a patch.
  • CVE-2026-25795: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25796: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25797: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a malicous file and inject arbitrary PostScript code. When the resulting file is processed by a printer or a viewer (like Ghostscript), the injected code is interpreted and executed. The html encoder does not properly escape strings that are written to in the html document. An attacker can provide a malicious file and injection arbitrary html code. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25798: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25799: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25897: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25898: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25965: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one's policy. This will also be included in ImageMagick's more secure policies by default.
  • CVE-2026-25966: ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd:<n> pseudo-filenames (e.g., fd:0, fd:1). Prior to versions 7.1.2-15 and 6.9.13-40, this path form is not blocked by the secure policy templates, and therefore bypasses the protection goal of "no stdin/stdout." Versions 7.1.2-15 and 6.9.13-40 contain a patch by including a change to the more secure policies by default. As a workaround, add the change to one's security policy manually.
  • CVE-2026-25967: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-15 contains a patch.
  • CVE-2026-25968: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25969: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a structure. However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak. Version 7.1.2-15 contains a patch.
  • CVE-2026-25970: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25971: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25982: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/dcm.c` module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image). Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25983: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25985: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate ~674 GB of memory, leading to an out-of-memory abort. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25986: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25987: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25988: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-25989: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check (`>` instead of `>=`) that allows bypass the guard and reach an undefined `(size_t)` cast. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26066: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26283: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang (Denial of Service) with a crafted image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26284: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-26983: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `<map>` element that causes it to use an image after it has been freed. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-27798: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
  • CVE-2026-27799: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Created: 2026-02-24 Last update: 2026-02-26 18:31
lintian reports 7 errors and 17 warnings high
Lintian reports 7 errors and 17 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2026-01-22 Last update: 2026-01-23 08:31
debian/patches: 9 patches with invalid metadata, 8 patches to forward upstream high

Among the 35 debian patches available in version 8:7.1.2.13+dfsg1-1 of the package, we noticed the following issues:

  • 9 patches with invalid metadata that ought to be fixed.
  • 8 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-02-26 Last update: 2026-01-22 08:30
1 bug tagged help in the BTS normal
The BTS contains 1 bug tagged help, please consider helping the maintainer in dealing with it.
Created: 2019-03-21 Last update: 2026-03-01 13:00
11 bugs tagged patch in the BTS normal
The BTS contains patches fixing 11 bugs (12 if counting merged bugs), consider including or untagging them.
Created: 2025-01-06 Last update: 2026-03-01 13:00
version in VCS is newer than in repository, is it time to upload? normal
vcswatch reports that this package seems to have a new changelog entry (version 8:7.1.2.15+dfsg1-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit f9fd96cdcb180ffca92b87c5a23a75254ab07421
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Mar 1 11:23:03 2026 +0100

    Use version with EPOCH

commit daed0d5fa37502aa253f2d1c2e9d0881d096dc5b
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Mar 1 02:06:26 2026 +0100

    FIx a double free

commit 3d9a278a81991bd79bccb3293a427baea2617897
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Mar 1 00:51:30 2026 +0100

    Add changelog

commit 0b9aa0a0d5e4438528f4d26e051e9cd34709a98c
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Mar 1 00:26:49 2026 +0100

    Refresh patches

commit 2b00c2f13114903551ee3246b2e51ad7a1270033
Merge: 1837f8a9 4ba151fc
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Mar 1 00:25:51 2026 +0100

    Update upstream source from tag 'upstream/7.1.2.15+dfsg1'
    
    Update to upstream version '7.1.2.15+dfsg1'
    with Debian dir 62eb6e06293b40552d98ec36dffdc7996424221c

commit 1837f8a9fd99374a21b605876685b1801fc06128
Author: Bastien Roucariès <rouca@debian.org>
Date:   Wed Jan 21 22:55:13 2026 +0100

    Add changelog

commit 05e42d5f65e348e00e1a4f6f8b5b0cf0fb290be8
Author: Bastien Roucariès <rouca@debian.org>
Date:   Wed Jan 21 22:46:46 2026 +0100

    Refresh patches

commit 26bc0768f0e26796ebf073c5f987b646010dec63
Merge: 4587e68d da9d8f81
Author: Bastien Roucariès <rouca@debian.org>
Date:   Wed Jan 21 22:38:04 2026 +0100

    Update upstream source from tag 'upstream/7.1.2.13+dfsg1'
    
    Update to upstream version '7.1.2.13+dfsg1'
    with Debian dir 1c2380a5551f6d7ae712e8efa03a7eb652d003a2

commit 4587e68d52e19679751bb58cd9ff01786a4f68fb
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Dec 28 20:05:58 2025 +0100

    Add changelog

commit 67f81c852f452ce9b4c6a1e43a22e514ef194abf
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Dec 28 19:34:43 2025 +0100

    Refresh pateches

commit dae387c80f114673fee5903002a8f49cfba2c955
Merge: 1bad46da be459f4a
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Dec 28 19:30:38 2025 +0100

    Update upstream source from tag 'upstream/7.1.2.12+dfsg1'
    
    Update to upstream version '7.1.2.12+dfsg1'
    with Debian dir 2f2bdb48fb7d1ea43ed4ffae96680a1f6503754a

commit 1bad46daa22212aa178e5df3510b6eb76a10f7b8
Author: Bastien Roucariès <rouca@debian.org>
Date:   Tue Oct 28 17:07:04 2025 +0100

    Refresh patches

commit 520d3abdff8d92243f145d13361d730828e98e6d
Author: Bastien Roucariès <rouca@debian.org>
Date:   Tue Oct 28 17:06:26 2025 +0100

    Update changelog

commit 390fb315e32c79a5dd6fc7fbb6c1b5dabd9a36a2
Merge: a0ef81ab f50a4571
Author: Bastien Roucariès <rouca@debian.org>
Date:   Tue Oct 28 16:07:23 2025 +0100

    Update upstream source from tag 'upstream/7.1.2.8+dfsg1'
    
    Update to upstream version '7.1.2.8+dfsg1'
    with Debian dir 7103002db102134f2d0792e40b149cf81d8d8ab5

commit a0ef81abec7c0b1d4d49e05a2921bbf43db714cf
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sat Oct 18 12:35:22 2025 +0200

    Firx remaining html error

commit 83b794346ebbdbd58a3c285ad2b8ab877c42f889
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sat Oct 18 12:21:13 2025 +0200

    Fix html sane rule

commit 3d015fd43553a516d8355874366f97405489b161
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sat Oct 18 11:59:55 2025 +0200

    Refresh patches

commit f38cdc4383c271e50e4455232fa15a2b993a9b18
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sat Oct 18 11:57:38 2025 +0200

    Finalize changelog

commit e9c823f4cda227c0eebdc0936261da621fee5fec
Merge: 318a24a7 ef30f27a
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sat Oct 18 11:55:03 2025 +0200

    Update upstream source from tag 'upstream/7.1.2.7+dfsg1'
    
    Update to upstream version '7.1.2.7+dfsg1'
    with Debian dir 2d36596aee2ba2d63f9e931901570fadd2b92132

commit 318a24a7133f26843d53a459feca4149fff6a937
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sat Sep 6 16:33:16 2025 +0200

    Refresh patches

commit 598d2ab86d5dc9127b1c7a269a5641e4441121ee
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sat Sep 6 16:28:16 2025 +0200

    Add new CVE fix

commit eeaa4828605f503ba24eeef773bff7a7406257ff
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sat Sep 6 15:44:25 2025 +0200

    Add index.html to make deps

commit af0897e285d0dd0c785bdc9e2508f613f97a8157
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sat Sep 6 14:48:01 2025 +0200

    Fix index.html link

commit 27d30c815bf0b8839ac16741a71cc5fcdd2f9fc2
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sat Sep 6 01:45:54 2025 +0200

    Add changelog entry

commit 709392d0f92e00579bdaef2b1b9efcd0d4b1c73b
Author: Bastien Roucariès <rouca@debian.org>
Date:   Fri Sep 5 23:44:39 2025 +0200

    refresh patch

commit d964e6d730ba3617392177ba1bb4e5947cd0c520
Merge: 4bddb840 70383fab
Author: Bastien Roucariès <rouca@debian.org>
Date:   Fri Sep 5 23:24:42 2025 +0200

    Update upstream source from tag 'upstream/7.1.2.3+dfsg1'
    
    Update to upstream version '7.1.2.3+dfsg1'
    with Debian dir 91ab2b6f25cec935bfeed09c560262b7dcc9d20a

commit 4bddb8409dfe291d13a4cb02e57aefc356814107
Author: Bastien Roucariès <rouca@debian.org>
Date:   Mon Aug 18 19:19:48 2025 +0200

    Add conflicts

commit 3ff2bfa8310b9360606d313b878fded6f15d3e9f
Author: Bastien Roucariès <rouca@debian.org>
Date:   Mon Aug 18 14:35:31 2025 +0200

    Add missing symbols

commit 59a2d687b2621773ce9253d70c67740f2dd4237a
Author: Bastien Roucariès <rouca@debian.org>
Date:   Mon Aug 18 00:07:57 2025 +0200

    Fix html error

commit a9d310406b5187078682f3d0e06e377e2767c2a9
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Aug 17 22:16:39 2025 +0200

    Remove index.html at repack

commit b38a711705e19df9e991787e37816830bc9701a8
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Aug 17 22:15:08 2025 +0200

    Remove index.html use symbolic link

commit ea6c0f072f19a4d30d55347f761e7e3950c11172
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Aug 17 22:09:51 2025 +0200

    Improve check for privacy breach

commit 5e58fe49e369ed7b28a98f52f8023a3de02b7057
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Aug 17 18:54:46 2025 +0200

    New upstream version

commit 07f17a9489da02e1445572a11a9a813c1b1a5d08
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Aug 17 18:13:33 2025 +0200

    Refresh patches

commit 3e19708418a772e7c1a3760e354ba6da69118f3f
Merge: 788f2c17 9991c2ec
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Aug 17 18:12:52 2025 +0200

    Update upstream source from tag 'upstream/7.1.2.1+dfsg1'
    
    Update to upstream version '7.1.2.1+dfsg1'
    with Debian dir 6e822cd34ed75605d1febeaa97bb6faa9a26bb52

commit 9991c2ecb7563acf2eb4796dc17ad6fbe0ae762b
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Aug 17 18:12:45 2025 +0200

    New upstream version 7.1.2.1+dfsg1

commit 52f65f859427d60ab00d18d08292b87cc7017ebf
Merge: 22bfc0ab 00a32440
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Aug 17 18:10:35 2025 +0200

    Merge branch 'upstream-dfsg/7.1.2.1' into upstream/lastest

commit 00a32440bff215231d5020c825e5a7c09ee3aa10
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Aug 17 18:09:12 2025 +0200

    Add dsfg files

commit 788f2c179468a629848bac7f6c4668caf9a2d529
Author: Bastien Roucariès <rouca@debian.org>
Date:   Wed Jul 16 23:01:10 2025 +0200

    Fix CVE-2025-53014, CVE-2025-53015, CVE-2025-53019, CVE-2025-53101

commit 26148c915ae8ff40b374ae8db990f2485f33115e
Author: Bastien Roucariès <rouca@debian.org>
Date:   Thu Apr 10 18:05:37 2025 +0200

    New upstream version

commit d0143e19c204d9db9379b5b0f4b16ed71c571755
Merge: 09d01af5 999b1cba
Author: Bastien Roucariès <rouca@debian.org>
Date:   Thu Apr 10 18:04:26 2025 +0200

    Update upstream source from tag 'upstream/7.1.1.47+dfsg1'
    
    Update to upstream version '7.1.1.47+dfsg1'
    with Debian dir 1cf4dc1e5b6c2359d2e7eb524a1cd35bd6a5a6c9

commit 09d01af55af9ddfb46aae26a4a0bef8d458ea64f
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sat Mar 29 18:46:44 2025 +0000

    Disable rdeps build

commit c9602ea51b57f92bec70d5194b161ae9599f687c
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sat Mar 29 18:46:23 2025 +0000

    New upstream version

commit 91914b1eb7f80e2783c7cce86e18d1a5a3f186ef
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sat Mar 29 18:20:52 2025 +0000

    Add new patches for html

commit 42c75b16134e2b077414adfd54392137e7228f4c
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sat Mar 29 10:13:58 2025 +0000

    Refresh patches

commit 6bdffec37c38f3ab86d2298588d64f98d1d71067
Merge: de721bf0 428b2c6a
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sat Mar 29 10:11:42 2025 +0000

    Update upstream source from tag 'upstream/7.1.1.46+dfsg1'
    
    Update to upstream version '7.1.1.46+dfsg1'
    with Debian dir 1fbc5b81fd11ac1137c56557f40d3facc1228c73

commit 428b2c6a914dc01f935fa11c28d68bd6167e27bc
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sat Mar 29 10:11:34 2025 +0000

    New upstream version 7.1.1.46+dfsg1

commit 9473e1b6b8c96ab410eeb8f41f2377b168c22357
Merge: b99ca95e c9f9d13b
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sat Mar 29 10:08:05 2025 +0000

    Merge branch 'upstream/7.1.1-46' into upstream/7.x

commit c9f9d13bddaa9a005b54e53940d4f606a56a859f
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sat Mar 29 10:05:24 2025 +0000

    Add tar.xz

commit de721bf0d5efd993ef8193b0980fe7f67b7ae3b9
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Dec 29 14:06:00 2024 +0000

    Target correct version

commit 95d8949b7c6c5865725fd7a15194b33b50612ac6
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Dec 29 14:05:06 2024 +0000

    Target unstable

commit b3f4408d734c867ffc29a610498930e4cefa9495
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Dec 29 14:00:23 2024 +0000

    Fix #1034333
    
    find . -name '*.html' -exec sed -ip 's,^.*src=["]https://github.com/sponsors/ImageMagick/button["].*$,,g' {} \;

commit 47217578f2f63ab54e040b788880a5b2707c8abc
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Dec 29 13:54:53 2024 +0000

    Allow smooth upgrade

commit b2883810a14be22269f6562581a94038d170f05e
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Dec 29 13:50:14 2024 +0000

    Fix remaining html error

commit be67f46c89e1bf252ee0a9616376acca4efec0a2
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Dec 29 13:41:31 2024 +0000

    Improve patch queue for doc
    
    Use sed before patching

commit 0eee2649162ebbc2ac4c71ed22a08e3e3e964c25
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Dec 29 13:32:19 2024 +0000

    Rename patches

commit 22bfc0ab1df292b6602cb70f5e5384c1e7063fae
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Mar 19 21:53:33 2023 +0000

    Import Upstream version 6.8.9.9

commit 25959b410cc51ef973117726edc0196b1d687dae
Merge: bde8abf5 059fd8d5
Author: Bastien Roucariès <rouca@debian.org>
Date:   Fri Aug 27 08:23:37 2021 +0000

    Import imagemagick_6.9.12.20+dfsg1.orig.tar.xz

commit 059fd8d553d4a81fdee93b7cbc23768ad1ede73a
Author: Bastien Roucariès <rouca@debian.org>
Date:   Fri Aug 27 08:22:59 2021 +0000

    New upstream

commit bde8abf5b2c9a81f0b307c75ef5812ecfee56b97
Merge: a60f6e22 7bdbbbce
Author: Bastien Roucariès <rouca@debian.org>
Date:   Thu Aug 26 20:44:47 2021 +0000

    Import imagemagick_6.9.12.20+dfsg.orig.tar.xz

commit a60f6e2279059bc8898f48d55f4a3271b68a025a
Merge: 5e82d4f8 7bdbbbce
Author: Bastien Roucariès <rouca@debian.org>
Date:   Thu Aug 26 20:44:33 2021 +0000

    Import imagemagick_6.9.12.20+dfsg.orig.tar.xz

commit 5e82d4f8cee462d2c22ad6a0c86ff292744116f5
Merge: bafb5309 7bdbbbce
Author: Bastien Roucariès <rouca@debian.org>
Date:   Thu Aug 26 20:44:17 2021 +0000

    Import imagemagick_6.9.12.20+dfsg.orig.tar.xz

commit bafb5309adc24ccabbd907735bf31cd63cded59a
Author: Bastien Roucariès <rouca@debian.org>
Date:   Thu Aug 26 20:43:16 2021 +0000

    Import imagemagick_6.9.12.20+dfsg.orig.tar.xz

commit 31a45f691ccfb22a282c4c194fdd019b3d0dcb14
Author: Bastien Roucariès <rouca@debian.org>
Date:   Thu Aug 26 20:42:49 2021 +0000

    Import imagemagick_6.9.12.20+dfsg.orig.tar.xz

commit 7bdbbbced399966061834b3316c93effef0fc1e7
Author: Bastien Roucariès <rouca@debian.org>
Date:   Thu Aug 26 20:42:09 2021 +0000

    Add upstream debian

commit ee41f9aa472220c28bfca5d25058f8deabe469aa
Merge: 4b34f4a3 d49be7fb
Author: Bastien Roucariès <rouca@debian.org>
Date:   Thu Aug 26 20:41:12 2021 +0000

    Merge commit 'd49be7fbb' into upstreamdebian

commit d49be7fbb7667ec214cd00a16145d7f4e3f1606e
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Sat Aug 21 13:05:39 2021 -0400

    pending release

commit b9ca6d96820f7f2278515f6bfb26b72c42e1338b
Author: Dirk Lemstra <dirk@lemstra.org>
Date:   Sat Aug 21 15:15:51 2021 +0200

    Use new solution that is already upgrade to VS2019.

commit 4e5510e020300678a4ea20a4e35348444981cba5
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Sat Aug 21 08:48:27 2021 -0400

    pending release

commit bf9a4278c183d2713894d0ff1d4e97232cd2d70e
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Mon Aug 16 15:25:34 2021 -0400

    pending release

commit b915afb73148a8da5bca4a018a43c0432873d7fc
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Sat Aug 14 19:16:32 2021 -0400

    stop parsing on exception

commit 44c3bfc788dd4c94682093d480c514ab38543a2f
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Sat Aug 14 19:10:19 2021 -0400

    stop parsing after exception

commit 8a23eb2603186c704f30d4b2f17bdefa5d6822d3
Author: Dirk Lemstra <dirk@lemstra.org>
Date:   Sat Aug 14 14:09:48 2021 +0200

    Use &amp; instead.

commit 41c9434f427bcbba9163f4550cd034a6d8363fb9
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Thu Aug 12 14:53:33 2021 -0400

    https://github.com/ImageMagick/ImageMagick/issues/4059

commit b4262b3791e8fc1ec5b23df00fd690c42ca288fc
Merge: d58673a5 4b34f4a3
Author: Bastien Roucariès <rouca@debian.org>
Date:   Mon Feb 1 13:01:06 2021 +0000

    Import imagemagick_6.9.11.60+dfsg.orig.tar.xz

commit 4b34f4a3dda2b7dd505cda5c779303d274087a5b
Merge: 5cd03b16 9574e419
Author: Bastien Roucariès <rouca@debian.org>
Date:   Mon Feb 1 13:00:30 2021 +0000

    Merge branch 'v6.9.11-60' into upstreamdebian

commit 9574e41942e414594d1622a7b5571b93986d12af
Author: Bastien Roucariès <rouca@debian.org>
Date:   Mon Feb 1 12:59:52 2021 +0000

    Register new upstream

commit 56b831b9e20f3b0ddf287629bb53186a3ccb6053
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Mon Jan 25 10:01:41 2021 -0500

    pending release

commit 584cabd8b279e8e46610e0655e3424dc71a2f19c
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Sun Jan 24 18:26:27 2021 -0500

    ...

commit c8038bdd1733ab86ac4f3b07a678df274e46d1de
Author: Cristy <urban-warrior@imagemagick.org>
Date:   Sun Jan 24 15:15:05 2021 +0000

    update documentation

commit 97b75a8f78d0c8aea115047ad147ee25a49f9cf3
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Sun Jan 24 10:09:30 2021 -0500

    register decoration is deprecated

commit bf3c812bbe23777c4b957dd7761d9a7ac943c089
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Sun Jan 24 09:37:58 2021 -0500

    git add   magick/annotate.c magick/attribute.c magick/channel.c magick/cipher.c magick/colormap.c magick/colorspace.c magick/compare.c magick/composite.c magick/compress.c magick/decorate.c magick/deprecate.c magick/display.c magick/distort.c magick/distribute-cache.c magick/draw.c magick/effect.c magick/enhance.c magick/feature.c magick/fourier.c magick/fx.c magick/hashmap.c magick/histogram.c magick/identify.c magick/image-view.c magick/image.c magick/layer.c magick/mac.c magick/matrix.c magick/morphology.c magick/paint.c magick/pixel.c magick/profile.c magick/quantize.c magick/quantum-export.c magick/quantum-import.c magick/resize.c magick/segment.c magick/shear.c magick/statistic.c magick/stream.c magick/threshold.c magick/transform.c magick/vision.c magick/visual-effects.c magick/xwindow.c wand/deprecate.c wand/magick-image.c wand/mogrify.c wand/pixel-iterator.c wand/wand-view.c

commit 6c715016d815efbfa39dd342050089aba80dec25
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Sun Jan 24 09:03:52 2021 -0500

    pending release

commit d58673a5c37a591506f51b2c78ce9f9d10939126
Merge: 968d7200 5cd03b16
Author: Bastien Roucariès <rouca@debian.org>
Date:   Fri Jan 22 21:43:35 2021 +0000

    Import imagemagick_6.9.11.58+dfsg.orig.tar.xz

commit 5cd03b16e1eebe21816f25b839f3da71c12a4a6e
Author: Bastien Roucariès <rouca@debian.org>
Date:   Fri Jan 22 21:42:39 2021 +0000

    Add tar.xz

commit d3f9d57d4882fd7e2145890c5f8f26edef471ae5
Merge: 2d2d1dbd f38ca0d3
Author: Bastien Roucariès <rouca@debian.org>
Date:   Fri Jan 22 21:37:13 2021 +0000

    Merge commit 'f38ca0d37' into upstreamdebian

commit f38ca0d37cae50de4b44ddedbd89acd4259f8903
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Sat Jan 16 11:17:03 2021 -0500

    floating precision issue on i686

commit 72be64e3d488ba34af516c66a9064e7ba4dd0a58
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Sat Jan 16 10:58:02 2021 -0500

    initialize pixel_info

commit 71aec48f6d7788163a49eeda7db3a883e56c3a38
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Sat Jan 16 10:34:14 2021 -0500

    ...

commit 6996f3af64a48915a1d6f2c31b2fc6b520556f9d
Author: Cristy <urban-warrior@imagemagick.org>
Date:   Sat Jan 16 15:19:28 2021 +0000

    eliminate compiler warning

commit 5d5adbc22084663d6390cdec9d1ac170f68cfb2a
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Sat Jan 16 09:59:04 2021 -0500

    ...

commit 968d720023514e502751fdfa3d703e4530f2b576
Merge: 1b095dbf 2d2d1dbd
Author: Bastien Roucariès <rouca@debian.org>
Date:   Mon Jan 11 20:50:40 2021 +0000

    Import imagemagick_6.9.11.57+dfsg.orig.tar.xz

commit 1b095dbf711a61676544cc5e12d361d19c341088
Merge: 1b7fcf84 2d2d1dbd
Author: Bastien Roucariès <rouca@debian.org>
Date:   Mon Jan 11 20:50:24 2021 +0000

    Import imagemagick_6.9.11.57+dfsg.orig.tar.xz

commit 2d2d1dbdbdc01ac02d4bbe2699683946d54fa453
Merge: d33141f9 3254fa46
Author: Bastien Roucariès <rouca@debian.org>
Date:   Mon Jan 11 20:48:43 2021 +0000

    Merge branch 'tmp' into upstreamdebian

commit 3254fa461bd5ce5c662787290ef560a8e6490b26
Author: Bastien Roucariès <rouca@debian.org>
Date:   Mon Jan 11 20:47:46 2021 +0000

    Add repacked

commit 1afccc12e29c49c82c6881ccf1bb1e39c066fbf1
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Sat Jan 9 11:13:02 2021 -0500

    pending release

commit c2f75ef8927edc687ed23193ee806d8bed9a98a8
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Sat Jan 9 11:12:25 2021 -0500

    Magick.pm required for Windows build

commit b0d26092675a9a61ff3363b246d9560e12fe2cab
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Sat Jan 9 10:44:18 2021 -0500

    pending release

commit 1b7fcf84d748f0789fc12ec813dd874df25b70ff
Merge: 0a04a1f5 d33141f9
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Jul 26 14:39:41 2020 +0200

    Import imagemagick_6.9.11.24+dfsg.orig.tar.xz

commit d33141f9d175fa97432f78e179d6267df8dff282
Author: Bastien Roucariès <rouca@debian.org>
Date:   Sun Jul 26 14:16:38 2020 +0200

    Add upstream
Created: 2026-03-01 Last update: 2026-03-01 11:00
Depends on packages which need a new maintainer normal
The packages that imagemagick depends on which need a new maintainer are:
  • html2ps (#759016)
    • Suggests: html2ps html2ps
Created: 2019-11-22 Last update: 2026-03-01 10:01
3 open merge requests in Salsa normal
There are 3 open merge requests for this package on Salsa. You should consider reviewing and/or merging these merge requests.
Created: 2025-09-24 Last update: 2026-02-19 23:31
AppStream hints: 2 warnings for imagemagick-7.q16hdri,imagemagick-7.q16 normal
AppStream found metadata issues for packages:
  • imagemagick-7.q16: 1 warning
  • imagemagick-7.q16hdri: 1 warning
You should get rid of them to provide more metadata about this software.
Created: 2020-06-01 Last update: 2024-12-29 23:00
RFH: The maintainer is looking for help with this package. normal
The current maintainer is looking for someone who can help with the maintenance of this package. If you are interested in this package, please consider helping out. One way you can help is offer to be a co-maintainer or triage bugs in the BTS. Please see bug number #1017366 for more information.
Created: 2022-08-15 Last update: 2022-08-15 02:06
Multiarch hinter reports 1 issue(s) low
There are issues with the multiarch metadata for this package.
  • imagemagick could be converted to Architecture: all and marked Multi-Arch: foreign
Created: 2026-01-23 Last update: 2026-03-01 10:30
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.3 instead of 4.7.0).
Created: 2025-02-21 Last update: 2026-01-22 04:04
testing migrations
  • This package will soon be part of the auto-libraw transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
news
[rss feed]
  • [2026-01-29] Accepted imagemagick 8:6.9.11.60+dfsg-1.6+deb12u6 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Bastien ROUCARIÈS)
  • [2026-01-29] Accepted imagemagick 8:7.1.1.43+dfsg1-1+deb13u5 (source) into proposed-updates (Debian FTP Masters) (signed by: Bastien ROUCARIÈS)
  • [2026-01-26] Accepted imagemagick 8:6.9.11.60+dfsg-1.6+deb12u6 (source) into oldstable-security (Debian FTP Masters) (signed by: Bastien ROUCARIÈS)
  • [2026-01-26] Accepted imagemagick 8:7.1.1.43+dfsg1-1+deb13u5 (source) into stable-security (Debian FTP Masters) (signed by: Bastien ROUCARIÈS)
  • [2026-01-25] imagemagick 8:7.1.2.13+dfsg1-1 MIGRATED to testing (Debian testing watch)
  • [2026-01-24] Accepted imagemagick 8:6.9.11.60+dfsg-1.3+deb11u9 (source) into oldoldstable-security (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
  • [2026-01-21] Accepted imagemagick 8:7.1.2.13+dfsg1-1 (source) into unstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
  • [2026-01-16] imagemagick 8:7.1.2.12+dfsg1-1 MIGRATED to testing (Debian testing watch)
  • [2026-01-03] Accepted imagemagick 8:6.9.11.60+dfsg-1.6+deb12u5 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Bastien ROUCARIÈS)
  • [2026-01-03] Accepted imagemagick 8:7.1.1.43+dfsg1-1+deb13u4 (source) into proposed-updates (Debian FTP Masters) (signed by: Bastien ROUCARIÈS)
  • [2025-12-31] Accepted imagemagick 8:6.9.11.60+dfsg-1.3+deb11u8 (source) into oldoldstable-security (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
  • [2025-12-28] Accepted imagemagick 8:7.1.2.12+dfsg1-1 (source) into unstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
  • [2025-11-16] imagemagick 8:7.1.2.8+dfsg1-1 MIGRATED to testing (Debian testing watch)
  • [2025-11-02] Accepted imagemagick 8:7.1.1.43+dfsg1-1+deb13u3 (source) into proposed-updates (Debian FTP Masters) (signed by: Bastien ROUCARIÈS)
  • [2025-10-28] Accepted imagemagick 8:7.1.2.8+dfsg1-1 (source) into unstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
  • [2025-10-19] Accepted imagemagick 8:6.9.11.60+dfsg-1.3+deb11u7 (source) into oldoldstable-security (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
  • [2025-10-18] Accepted imagemagick 8:7.1.2.7+dfsg1-1 (source) into unstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
  • [2025-09-15] Accepted imagemagick 8:6.9.11.60+dfsg-1.6+deb12u4 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Bastien ROUCARIÈS)
  • [2025-09-12] Accepted imagemagick 8:7.1.1.43+dfsg1-1+deb13u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Bastien ROUCARIÈS)
  • [2025-09-11] Accepted imagemagick 8:7.1.1.43+dfsg1-1+deb13u2 (source) into stable-security (Debian FTP Masters) (signed by: Bastien ROUCARIÈS)
  • [2025-09-11] Accepted imagemagick 8:6.9.11.60+dfsg-1.6+deb12u4 (source) into oldstable-security (Debian FTP Masters) (signed by: Bastien ROUCARIÈS)
  • [2025-09-10] Accepted imagemagick 8:6.9.11.60+dfsg-1.3+deb11u6 (source) into oldoldstable-security (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
  • [2025-09-08] imagemagick 8:7.1.2.3+dfsg1-1 MIGRATED to testing (Debian testing watch)
  • [2025-09-06] Accepted imagemagick 8:7.1.2.3+dfsg1-1 (source) into unstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
  • [2025-08-31] imagemagick 8:7.1.1.43+dfsg1-1+deb13u1 MIGRATED to testing (Debian testing watch)
  • [2025-08-19] Accepted imagemagick 8:7.1.2.1+dfsg1-1 (source) into unstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
  • [2025-07-18] Accepted imagemagick 8:7.1.1.43+dfsg1-1+deb13u1 (source) into testing-proposed-updates (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
  • [2025-07-16] Accepted imagemagick 8:7.1.1.47+dfsg1-2 (source) into unstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
  • [2025-05-03] Accepted imagemagick 8:6.9.11.60+dfsg-1.6+deb12u3 (source) into proposed-updates (Debian FTP Masters) (signed by: Adrian Bunk)
  • [2025-04-26] Accepted imagemagick 8:6.9.11.60+dfsg-1.3+deb11u5 (source) into oldstable-security (Adrian Bunk)
  • 1
  • 2
bugs [bug history graph]
  • all: 128 131
  • RC: 0
  • I&N: 80 81
  • M&W: 47 49
  • F&P: 1
  • patch: 11 12
  • help: 1
  • NC: 1
links
  • homepage
  • lintian (7, 17)
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • debian patches
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 8:7.1.2.13+dfsg1-1
  • 101 bugs (1 patch)

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing