Format: 1.8
Date: Sat, 20 Jun 2026 13:35:39 +0200
Source: imagemagick
Architecture: source
Version: 8:7.1.1.43+dfsg1-1+deb13u10
Distribution: trixie-security
Urgency: high
Maintainer: ImageMagick Packaging Team
Changed-By: Bastien Roucariès
Closes: 1140176
Changes:
 imagemagick (8:7.1.1.43+dfsg1-1+deb13u10) trixie-security; urgency=high
 .
   * Fix CVE-2026-48724: When using an image with mask the Floyd-Steinberg
     dithering method it will cause a negative heap buffer over-write
   * Fix CVE-2026-48734: A crafted MVG file could result in a stack overflow
     due to a missing depth or visited-set check
   * Fix CVE-2026-48994: A missing check of a return value could lead to a
     heap buffer over-write in the MAT decoder on 32-bit systems.
   * Fix CVE-2026-49218: A missing check in the DCM decoder could result in
     an image with invalid dimensions and that could cause crashes in other
     operations.
   * Fix CVE-2026-49219: An incorrect parsing of the filename can result in
     a policy bypass and read files disallowed by a security policy using
     a symlink
   * Backport policy from 7.1.2.25
   * Fix CVE-2026-53460: A missing check for maximum memory request in
     AcquireAlignedMemory could trigger an out-of-memory condition.
   * Fix CVE-2026-53461: An incorrect loop in the ICON decoder can result in
     an out of bounds heap write resulting in a crash.
   * Fix CVE-2026-53463: When passing incorrect arguments in the distort
     operation a null pointer dereference will occur.
   * Fix CVE-2026-53464: When providing invalid options to the wand option
     parser a small memory leak will occur.
   * Harden Debian policy in case of custom recompilation (Closes: #1140176)