Debian Imagemagick vulnerabilities
727 known vulnerabilities affecting debian/imagemagick.
Total CVEs: 727
CISA KEV: 3 (actively exploited)
Public exploits: 12
Exploited in wild: 3
Severity breakdown
CRITICAL 24 | HIGH 138 | MEDIUM 255 | LOW 310
Vulnerabilities
Page 2 of 37
CVE-2026-26284 | MEDIUM | CVSS 6.5 | fixed in imagemagick 8:7.1.2.15+dfsg1-1 (forky) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains a function that has an incorrect initialization that could cause an out-of-bounds read. Versions 7
debian
CVE-2026-25987 | MEDIUM | CVSS 5.3 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. Versions 7.1.2-15 and 6.9.13-40 co
debian
CVE-2026-28690 | MEDIUM | CVSS 6.9 | fixed in imagemagick 8:7.1.2.16+dfsg1-1 (forky) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow vulnerability exists in the MNG encoder. A bounds check is missing, which could corrupt the stack with attacker-controlled data. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Scope: lo
debian
CVE-2026-24484 | MEDIUM | CVSS 5.3 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Scope: local
bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.6+deb12u7)
bullseye: resolved
debian
CVE-2026-32259 | MEDIUM | CVSS 6.7 | fixed in imagemagick 8:7.1.2.16+dfsg1-1 (forky) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Scope: local
bookworm: open
bullseye: open
forky: resolved
debian
CVE-2026-32636 | MEDIUM | CVSS 5.3 | fixed in imagemagick 8:7.1.2.18+dfsg1-1 (forky) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that could result in a crash due to an out-of-bounds write of a single zero byte. Versions 7.1.2-17 and 6.9.13-42 fix the issue.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in
debian
CVE-2026-25970 | MEDIUM | CVSS 5.3 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs dur
debian
CVE-2026-25971 | MEDIUM | CVSS 6.2 | fixed in imagemagick 8:7.1.2.15+dfsg1-1 (forky) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 8:7.1.2.15+dfs
debian
CVE-2026-28689 | MEDIUM | CVSS 6.3 | fixed in imagemagick 8:7.1.2.16+dfsg1-1 (forky) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Scope: local
bookworm
debian
CVE-2026-25986 | MEDIUM | CVSS 5.3 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2
debian
CVE-2026-30883 | MEDIUM | CVSS 5.7 | fixed in imagemagick 8:7.1.2.16+dfsg1-1 (forky) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 8:7.1.2.1
debian
CVE-2026-27798 | MEDIUM | CVSS 4.0 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Scope: local
bookworm: resolved (fixed in 8:6.
debian
CVE-2026-28687 | MEDIUM | CVSS 5.3 | fixed in imagemagick 8:7.1.2.16+dfsg1-1 (forky) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Scope: local
bookworm: open
debian
CVE-2026-26283 | MEDIUM | CVSS 6.2 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang (Denial of Service) wit
debian
CVE-2026-25795 | MEDIUM | CVSS 5.3 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contai
debian
CVE-2026-31853 | MEDIUM | CVSS 5.7 | fixed in imagemagick 8:7.1.2.16+dfsg1-1 (forky) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 8:7
debian
CVE-2026-30937 | MEDIUM | CVSS 6.8 | fixed in imagemagick 8:7.1.2.16+dfsg1-1 (forky) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing an extremely large image, an out-of-bounds heap write can occur. This vulnerability is fixed in 7.1.
debian
CVE-2026-26066 | MEDIUM | CVSS 6.2 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile containing invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Scope: local
bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.6+deb12u7)
debian
CVE-2026-25796 | MEDIUM | CVSS 5.3 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. V
debian
CVE-2026-25982 | MEDIUM | CVSS 6.5 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm) | 2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/dcm.c` module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read
debian