-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 20 Jun 2026 13:35:39 +0200
Source: imagemagick
Binary: imagemagick-7-common imagemagick-7-doc libimage-magick-perl libmagick++-7-headers libmagick++-dev libmagickcore-7-headers libmagickcore-dev libmagickwand-7-headers libmagickwand-dev perlmagick
Architecture: all
Version: 8:7.1.1.43+dfsg1-1+deb13u10
Distribution: trixie-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 imagemagick-7-common - image manipulation programs -- infrastructure
 imagemagick-7-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libmagick++-7-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-7-headers - low-level image manipulation library - header files
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-7-headers - image manipulation library - headers files
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 1140176
Changes:
 imagemagick (8:7.1.1.43+dfsg1-1+deb13u10) trixie-security; urgency=high
 .
   * Fix CVE-2026-48724:
     When using an image with mask the Floyd-Steinberg dithering
     method it will cause a negative heap buffer over-write
   * Fix CVE-2026-48734:
     A crafted MVG file could result in a stack overflow due to a missing depth
     or visited-set check
   * Fix CVE-2026-48994:
     A missing check of a return value could lead to a heap buffer over-write in the MAT
     decoder on 32-bit systems.
   * Fix CVE-2026-49218:
     A missing check in the DCM decoder could result in an image with invalid dimensions
     and that could cause crashes in other operation.
   * Fix CVE-2026-49219:
     An incorrect parsing of the filename can result in a policy bypass and read files
     disallowed by a security policy using a symlink
   * Backport policy from 7.1.2.25
   * Fix CVE-2026-53460:
     A missing check for maximum memory request in AcquireAlignedMemory
     could trigger an out-of-Memory condition.
   * Fix CVE-2026-53461:
     An incorrect loop in the ICON decoder can result in an out of
     bounds heap write resulting in a crash.
   * Fix CVE-2026-53463:
     When passing incorrect arguments in the distort operation a
     null pointer deference will occur.
   * Fix CVE-2026-53464:
     When providing invalid options to the wand option parser
     a small memory leak will occur.
   * Harden debian policy in case of custom recompilation (Closes: #1140176)
Checksums-Sha1:
 6f460f937a5384471b0da6d5fe7e2073adec4dd2 75952 imagemagick-7-common_7.1.1.43+dfsg1-1+deb13u10_all.deb
 adbd7caf47187d18cc82e387d50209d3fc3add68 9219244 imagemagick-7-doc_7.1.1.43+dfsg1-1+deb13u10_all.deb
 5cff07d6c4f92e7a74a5285b8ecb2e5dc4676a32 18849 imagemagick_7.1.1.43+dfsg1-1+deb13u10_all-buildd.buildinfo
 90bcfa4ef4614d7f108638d3c46ac946d303375b 38916 libimage-magick-perl_7.1.1.43+dfsg1-1+deb13u10_all.deb
 9bb3e251270106caf4c5098adddfbbd3e155ae01 47628 libmagick++-7-headers_7.1.1.43+dfsg1-1+deb13u10_all.deb
 07cb249eb264846e11d3eb9b9e03dd5ee5bd5796 1188 libmagick++-dev_7.1.1.43+dfsg1-1+deb13u10_all.deb
 b4a025fdb0f31549b5436cd714114a9d9b9c2dfc 50384 libmagickcore-7-headers_7.1.1.43+dfsg1-1+deb13u10_all.deb
 de2fe3c857c9a2a28606725888c2a8724afdf5f4 1164 libmagickcore-dev_7.1.1.43+dfsg1-1+deb13u10_all.deb
 49748975fb666fc69354ee712b33089665a5bd60 9864 libmagickwand-7-headers_7.1.1.43+dfsg1-1+deb13u10_all.deb
 52dca09cfc2c681befdb422df79da63a968563ba 1148 libmagickwand-dev_7.1.1.43+dfsg1-1+deb13u10_all.deb
 e01378b9ff1577a3f322388788c6a838b93a9fa9 1192 perlmagick_7.1.1.43+dfsg1-1+deb13u10_all.deb
Checksums-Sha256:
 7939a83e2deb17fae046034a13bfbce25626b7f3aa6472d107c4740ec3c8d05b 75952 imagemagick-7-common_7.1.1.43+dfsg1-1+deb13u10_all.deb
 47f569d3a873f2cebcc3cb0d4853763f85fbf9a1caee6e8fd4408e7cf876126d 9219244 imagemagick-7-doc_7.1.1.43+dfsg1-1+deb13u10_all.deb
 876c7e8bf5994c2fe98d6c1ddffd60ecaacfa98ca304e53b743c1bb91ee58ffd 18849 imagemagick_7.1.1.43+dfsg1-1+deb13u10_all-buildd.buildinfo
 eb05482fb255e953d40598dfe1d67aa1abedb31a4b29ed87718c1ddafe5e680f 38916 libimage-magick-perl_7.1.1.43+dfsg1-1+deb13u10_all.deb
 60b617f189e01b3db7e498332b95d3d0514d578aacc548fb5949a3e4361fa04e 47628 libmagick++-7-headers_7.1.1.43+dfsg1-1+deb13u10_all.deb
 5aa74b256e76b2fbc2a4f1f171c630c0c9a5b5ba3aa304871fce73ac24ec7466 1188 libmagick++-dev_7.1.1.43+dfsg1-1+deb13u10_all.deb
 f184df381e848f1951597641b637e4c6c239f2185b38d9bcbf80ea7d7347ff6e 50384 libmagickcore-7-headers_7.1.1.43+dfsg1-1+deb13u10_all.deb
 ed2678abdb8e8d66019c6deb87f600ed79da618f5c4374ce62c677622369aa08 1164 libmagickcore-dev_7.1.1.43+dfsg1-1+deb13u10_all.deb
 e78be9735a6eab87c814d3fe04945ce50306bf94254cb4f4e1eb5b2f5e09723e 9864 libmagickwand-7-headers_7.1.1.43+dfsg1-1+deb13u10_all.deb
 1a09bf0045e2dd8e9ca9cfbce6166017c1bac07b860f29a87b61a84a90c9ccfe 1148 libmagickwand-dev_7.1.1.43+dfsg1-1+deb13u10_all.deb
 e6ef445744a7dda9a97de1ce1bd4bc059da6bf2c77a2e4338b6370ba2e5399e0 1192 perlmagick_7.1.1.43+dfsg1-1+deb13u10_all.deb
Files:
 0de46f657a69e28b31dc9610e77b5f18 75952 graphics optional imagemagick-7-common_7.1.1.43+dfsg1-1+deb13u10_all.deb
 7ef9402766be83ecaef2f0e5c81d3b3c 9219244 doc optional imagemagick-7-doc_7.1.1.43+dfsg1-1+deb13u10_all.deb
 0dd59b2400f148c64b9c8848e4da3f76 18849 graphics optional imagemagick_7.1.1.43+dfsg1-1+deb13u10_all-buildd.buildinfo
 deaa1a6d1820e2ae0668f1906f92ca1a 38916 perl optional libimage-magick-perl_7.1.1.43+dfsg1-1+deb13u10_all.deb
 f8c7b7ae7043ecc3575e23fb6adbe1a4 47628 libdevel optional libmagick++-7-headers_7.1.1.43+dfsg1-1+deb13u10_all.deb
 9617c24125a0d7739d5070b335d11a59 1188 oldlibs optional libmagick++-dev_7.1.1.43+dfsg1-1+deb13u10_all.deb
 97995cbe90d5e8b14f88e4c7923ee5c3 50384 libdevel optional libmagickcore-7-headers_7.1.1.43+dfsg1-1+deb13u10_all.deb
 075b40085203d03ad0ac3fb4fe86198e 1164 oldlibs optional libmagickcore-dev_7.1.1.43+dfsg1-1+deb13u10_all.deb
 a72136d0c30f48624748940b494ded14 9864 libdevel optional libmagickwand-7-headers_7.1.1.43+dfsg1-1+deb13u10_all.deb
 c9ba62cb26d75017377b589815c7ac96 1148 oldlibs optional libmagickwand-dev_7.1.1.43+dfsg1-1+deb13u10_all.deb
 c415d12cdf07b2e1212286faa766a61e 1192 oldlibs optional perlmagick_7.1.1.43+dfsg1-1+deb13u10_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE81O8NL+3kjBAqEvLmgPNRvTf/zcFAmo3m0AACgkQmgPNRvTf
/zdTWhAAvu4qVALLMXujc7BCOXb2g7apq3bAs0sE4igCFH6nWhsp5uQB1Ip7s1or
GyBcwsmDAWOh3yjauXsLoGZ5M+OnJ/GalsOys/edC/XmkRlQ7P+jhOOzoqL9eMTk
4sFaIYxHYSNKYCs5KDxAVDwNc3uSIFNUADFKZoF5Ejx6zw6K/FM2xgoTizVL1BJT
kgwngGqhPza1p9imcqgW+jTRayiI1rzrek/Z6PDnAYl6FW9TfpW1gCnME4FUs7WA
GLo5CyAyLvk1K1CEMxr2YR0PAHiNejs/8RJIUu17jkmBkLRu0dlH1B/LmVMA0DWA
ih6frxo4zvjor5yyRwWuO4sr86FexCn7OTPUaTIshzgehiggyjBrP5exFZTHIPAX
Pj9Dnki4RSwFl0Dbvh5RU+6k2vhCD2TNG5h94q7IwfWaB29Fd8wCNHk7cU5Nt0QY
I6lahk8potVHZtPQgi+A0ZV67wMkFekCxdGH6J+EsXnoyZerY1fMg1ZAgnbLgKcG
7xgbBEZfyugi3GNboh1UMWGtWVur7HTBKnfrMmdYHWIEfRfig6R8gClW7pZCrPFL
9qC73hDiXyWQ9YxxlKmr207Q1yVLNz342W/bW3P3blTWTAjY0f1syMi4vTvexsb8
HoBjpfDvN/9HecMQckxDbKnIV0L1BdlH1Gqtw6fcXzB9k0aVFBA=
=yTNr
-----END PGP SIGNATURE-----