imagemagick (8:7.1.2.13+dfsg1-1)
[PTS] [DDPO]
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/debian/imagemagick.git
-
- Branch: debian/lastest
- Path: debian/changelog
- Repo size: 86294528
- Browser: https://salsa.debian.org/debian/imagemagick
- Last scan: 2026-02-11 03:55:37+00
- Next scan: 2026-02-19 22:53:00+00
- Merge requests: 1
- CI pipeline status: failed
- Debian changelog in Git:
imagemagick (8:7.1.2.13+dfsg1-1) unstable; urgency=high
* New upstream version
* Fix CVE-2026-22770 (Closes: #1126074)
The BilateralBlurImage method will allocate a set of
double buffers inside AcquireBilateralTLS.
The last element in the set is not properly initialized.
This will result in a release of an invalid pointer
inside DestroyBilateralTLS when the memory allocation fails
* Fix CVE-2026-23874 (Closes: #1126075)
a stack overflow was found via infinite recursion in
MSL (Magick Scripting Language) `<write>` command when
writing to MSL format.
* Fix CVE-2026-23876 (Closes: #1126076)
A heap buffer overflow vulnerability was found in the XBM
image decoder (ReadXBMImage) allows an attacker to write
controlled data past the allocated heap buffer when
processing a maliciously crafted image file.
Any operation that reads or identifies an image can
trigger the overflow, making it exploitable via common
image upload and processing pipelines.
* Fix CVE-2026-23952 (Closes: 1126077)
NULL pointer dereference was found in MSL parser via <comment>
tag before image load
-- Bastien Roucariès <rouca@debian.org> Wed, 21 Jan 2026 22:54:51 +0100
- This branch is even with tag debian/8%7.1.2.13+dfsg1-1
