Debian Imagemagick vulnerabilities
727 known vulnerabilities affecting debian/imagemagick.
Total CVEs: 727
CISA KEV: 3 (actively exploited)
Public exploits: 12
Exploited in wild: 3
Severity breakdown: CRITICAL 24, HIGH 138, MEDIUM 255, LOW 310
Vulnerabilities
Page 5 of 37
CVE-2025-68469 | LOW | CVSS 2.0 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u5 (bookworm) | 2025
CVE-2025-68469 [LOW]: imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue.
Scope: local
bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.6+deb12u5)
bullseye: resolved (fixed in 8:6.9.11.60+dfsg-1.3+deb11u8)
forky: resolved (fixe
debian
CVE-2024-41817 | LOW | CVSS 7.0 | 2024
CVE-2024-41817 [HIGH]: imagemagick
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libra
debian
CVE-2023-34151 | HIGH | CVSS 7.8 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u1 (bookworm) | 2023
CVE-2023-34151 [HIGH]: imagemagick
A vulnerability was found in ImageMagick. This security flaw occurs as undefined behavior when casting double to size_t in the svg, mvg and other coders (recurring bugs of CVE-2022-32546).
Scope: local
bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.6+deb12u1)
bullseye: resolved (fixed in 8:6.9.11.60+dfsg-1.3+deb11u3)
forky: resolved (fixed in 8:6.9.12.98+dfsg1-2
debian
CVE-2023-1289 | MEDIUM | CVSS 5.5 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u1 (bookworm) | 2023
CVE-2023-1289 [MEDIUM]: imagemagick
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash fi
debian
CVE-2023-3428 | MEDIUM | CVSS 6.2 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u1 (bookworm) | 2023
CVE-2023-3428 [MEDIUM]: imagemagick
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.
Scope: local
bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.6+deb12u1)
bullseye: resolved (fixed in 8:6.9.11.60+dfsg-1.3+deb1
debian
CVE-2023-5341 | MEDIUM | CVSS 6.2 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u1 (bookworm) | 2023
CVE-2023-5341 [MEDIUM]: imagemagick
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
Scope: local
bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.6+deb12u1)
bullseye: resolved (fixed in 8:6.9.11.60+dfsg-1.3+deb11u3)
forky: resolved (fixed in 8:6.9.12.98+dfsg1-2)
sid: resolved (fixed in 8:6.9.12.98+dfsg1-2)
trixie: resolved (fixed in 8:6.9.12.98+dfsg1-2)
debian
CVE-2023-3745 | MEDIUM | CVSS 5.5 | fixed in imagemagick 8:6.9.11.24+dfsg-1 (bookworm) | 2023
CVE-2023-3745 [MEDIUM]: imagemagick
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.
Scope: local
bookworm: resolved (fixed in 8:6.9.1
debian
CVE-2023-1906 | MEDIUM | CVSS 5.5 | fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u1 (bookworm) | 2023
CVE-2023-1906 [MEDIUM]: imagemagick
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass a specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
Scope: local
bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.
debian
CVE-2023-34152 | LOW | CVSS 9.8 | 2023
CVE-2023-34152 [CRITICAL]: imagemagick
A vulnerability was found in ImageMagick. This security flaw causes a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2023-39978 | LOW | CVSS 3.3 | 2023
CVE-2023-39978 [LOW]: imagemagick
ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2023-34474 | LOW | CVSS 5.5 | 2023
CVE-2023-34474 [MEDIUM]: imagemagick
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user into opening a specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
debian
CVE-2023-34153 | LOW | CVSS 7.8 | 2023
CVE-2023-34153 [HIGH]: imagemagick
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2023-34475 | LOW | CVSS 5.5 | 2023
CVE-2023-34475 [MEDIUM]: imagemagick
A heap use-after-free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick the user into opening a specially crafted file to convert, triggering a heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.
Scope: local
bookworm: resolved
bullseye: resolved
forky: res
debian
CVE-2023-2157 | LOW | CVSS 5.5 | fixed in imagemagick 8:6.9.12.98+dfsg1-2 (forky) | 2023
CVE-2023-2157 [MEDIUM]: imagemagick
A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved (fixed in 8:6.9.12.98+dfsg1-2)
sid: resolved (fixed in 8:6.9.12.98+dfsg1-2)
trixie: resolved (fixed in 8:6.9.12.98+dfsg1-2)
debian
CVE-2023-3195 | LOW | CVSS 5.5 | fixed in imagemagick 8:6.9.12.98+dfsg1-2 (forky) | 2023
CVE-2023-3195 [MEDIUM]: imagemagick
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved (fixed in 8:6.9.12.98+dfsg1-2)
sid: resolved (fixed
debian
CVE-2022-28463 | HIGH | CVSS 7.8 | fixed in imagemagick 8:6.9.11.60+dfsg-1.5 (bookworm) | 2022
CVE-2022-28463 [HIGH]: imagemagick
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
Scope: local
bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.5)
bullseye: resolved (fixed in 8:6.9.11.60+dfsg-1.3+deb11u2)
forky: resolved (fixed in 8:6.9.11.60+dfsg-1.5)
sid: resolved (fixed in 8:6.9.11.60+dfsg-1.5)
trixie: resolved (fixed in 8:6.9.11.60+dfsg-1.5)
debian
CVE-2022-32547 | HIGH | CVSS 7.8 | fixed in imagemagick 8:6.9.11.60+dfsg-1.5 (bookworm) | 2022
CVE-2022-32547 [HIGH]: imagemagick
In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8-byte alignment, and for type 'float', which requires 4-byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact on application availability or other problems related to undefined behavior.
Scope: lo
debian
CVE-2022-1114 | HIGH | CVSS 7.1 | fixed in imagemagick 8:6.9.11.60+dfsg-1.5 (bookworm) | 2022
CVE-2022-1114 [HIGH]: imagemagick
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
Scope: local
bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.5)
bullseye:
debian
CVE-2022-32545 | HIGH | CVSS 7.8 | fixed in imagemagick 8:6.9.11.60+dfsg-1.5 (bookworm) | 2022
CVE-2022-32545 [HIGH]: imagemagick
A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type 'unsigned char' at coders/psd.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior.
Scope: local
bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.5)
bullseye:
debian
CVE-2022-48541 | HIGH | CVSS 7.1 | fixed in imagemagick 8:6.9.11.57+dfsg-1 (bookworm) | 2022
CVE-2022-48541 [HIGH]: imagemagick
A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.
Scope: local
bookworm: resolved (fixed in 8:6.9.11.57+dfsg-1)
bullseye: resolved (fixed in 8:6.9.11.57+dfsg-1)
forky: resolved (fixed in 8:6.9.11.57+dfsg-1)
sid: resolved (fixed in 8:6.9.11.57+dfsg-1)
trixie: resolved (fix
debian