Debian Imagemagick vulnerabilities

727 known vulnerabilities affecting debian/imagemagick.

Total CVEs: 727
CISA KEV: 3 (actively exploited)
Public exploits: 12
Exploited in wild: 3
Severity breakdown: CRITICAL 24, HIGH 138, MEDIUM 255, LOW 310

Vulnerabilities

Page 3 of 37
CVE-2026-25638 | MEDIUM | CVSS 5.3 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm) | 2026
[MEDIUM] ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a memory leak exists in `coders/msl.c`. In the `WriteMSLImage` function of the `msl.c` file, resources are allocated, but the function returns early without releasing these allocated resources. Versions 7.1.2-15 and 6.9.13-40 c
debian
CVE-2026-25897 | MEDIUM | CVSS 6.5 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm) | 2026
[MEDIUM] ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. Versions 7.1.2-15 and 6.9.13-40 contain a patch. Scope: local bookworm:
debian
CVE-2026-25799 | MEDIUM | CVSS 5.3 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm) | 2026
[MEDIUM] ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. Versions 7.1.2-15 and 6.9.13-4
debian
CVE-2026-25576 | MEDIUM | CVSS 5.1 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm) | 2026
[MEDIUM] ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larger than -size dimensions, causing out-of-bounds memory reads from
debian
CVE-2026-28688 | MEDIUM | CVSS 4.0 | fixed in imagemagick 8:7.1.2.16+dfsg1-1 (forky) | 2026
[MEDIUM] ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed. This vulnerability is fixed in 7.1.2
debian
CVE-2026-27799 | MEDIUM | CVSS 4.0 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm) | 2026
[MEDIUM] ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation over
debian
CVE-2026-25798 | MEDIUM | CVSS 5.3 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm) | 2026
[MEDIUM] ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. Versions 7.1.2-15 and 6.9
debian
CVE-2026-25898 | MEDIUM | CVSS 6.5 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm) | 2026
[MEDIUM] ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoders do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negativ
debian
CVE-2026-23952 | MEDIUM | CVSS 6.5 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u6 (bookworm) | 2026
[MEDIUM] ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing tags before images are loaded. This can lead to a DoS attack due to assertion failure (debug builds) or NULL pointer dereference (rele
debian
CVE-2026-25967 | LOW | CVSS 7.4 | fixed in imagemagick 8:7.1.2.15+dfsg1-1 (forky) | 2026
[HIGH] ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-15 contains a patch. Scope: local bookworm: resolved bullseye: resol
debian
CVE-2026-25969 | LOW | CVSS 5.3 | fixed in imagemagick 8:7.1.2.15+dfsg1-1 (forky) | 2026
[MEDIUM] ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` function allocates a structure. However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak. Version 7.1.2-15 contains a
debian
CVE-2026-25637 | LOW | CVSS 5.3 | fixed in imagemagick 8:7.1.2.15+dfsg1-1 (forky) | 2026
[MEDIUM] ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed. Version 7.1.2-15 contains a patch. Scope: local bookworm: r
debian
CVE-2026-25966 | LOW | CVSS 5.9 | fixed in imagemagick 8:7.1.2.15+dfsg1-1 (forky) | 2026
[MEDIUM] ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd: pseudo-filenames (e.g., fd:0, fd:1). Prior to versions 7.1.2-15 and 6.9.13-40, this path form is not blocked by the
debian
CVE-2026-30935 | LOW | CVSS 4.4 | fixed in imagemagick 8:7.1.2.16+dfsg1-1 (forky) | 2026
[MEDIUM] ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-16, BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the -bilateral-blur operation, an out of bounds read can occur. This vulnerability is fixed in 7.1.2-16. Scope: loca
debian
CVE-2026-28493 | LOW | CVSS 6.5 | fixed in imagemagick 8:7.1.2.16+dfsg1-1 (forky) | 2026
[MEDIUM] ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoder. The vulnerability allows an attacker to perform an out of bounds via a specially crafted image. This vulnerability is fixed in 7.1.2-16. Scope: local bookworm: resolved bullseye
debian
CVE-2026-22770 | LOW | CVSS 6.5 | fixed in imagemagick 8:7.1.2.13+dfsg1-1 (forky) | 2026
[MEDIUM] ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS
debian
CVE-2026-30929 | LOW | CVSS 7.7 | fixed in imagemagick 8:7.1.2.16+dfsg1-1 (forky) | 2026
[HIGH] ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41. Scope: local bookworm: resolved bulls
debian
CVE-2026-30931 | LOW | CVSS 6.8 | fixed in imagemagick 8:7.1.2.16+dfsg1-1 (forky) | 2026
[MEDIUM] ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-16, a heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write. This vulnerability is fixed in 7.1.2-16. Scope: local bookworm: resolved bullseye: resolved forky: resolved
debian
CVE-2026-25794 | LOW | CVSS 8.2 | fixed in imagemagick 8:7.1.2.15+dfsg1-1 (forky) | 2026
[HIGH] ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write.
debian
CVE-2025-55154 | HIGH | CVSS 8.8 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u4 (bookworm) | 2025
[HIGH] ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGImage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1. Scope: local bookworm: resolved (fixe
debian