Format: 1.8
Date: Mon, 16 Mar 2026 00:43:38 +0100
Source: imagemagick
Binary: imagemagick-7-common imagemagick-7-doc libimage-magick-perl
 libmagick++-7-headers libmagick++-dev libmagickcore-7-headers
 libmagickcore-dev libmagickwand-7-headers libmagickwand-dev perlmagick
Architecture: all
Version: 8:7.1.1.43+dfsg1-1+deb13u7
Distribution: trixie-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02)
Changed-By: Bastien Roucariès
Description:
 imagemagick-7-common - image manipulation programs -- infrastructure
 imagemagick-7-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libmagick++-7-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-7-headers - low-level image manipulation library - header files
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-7-headers - image manipulation library - headers files
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Changes:
 imagemagick (8:7.1.1.43+dfsg1-1+deb13u7) trixie-security; urgency=high
 .
   * Fix CVE-2026-28493: An integer overflow vulnerability exists in the
     SIXEL decoder.
   * Fix CVE-2026-28494: A stack buffer overflow exists in ImageMagick's
     morphology kernel parsing functions. User-controlled kernel strings
     exceeding a buffer are copied into fixed-size stack buffers via memcpy
     without bounds checking, resulting in stack corruption.
   * Fix CVE-2026-28686: A heap-buffer-overflow vulnerability exists in the
     PCL encoder due to an undersized output buffer allocation
   * Fix CVE-2026-28687: A heap use-after-free vulnerability in ImageMagick's
     MSL decoder allows an attacker to trigger access to freed memory by
     crafting an MSL file.
   * Fix CVE-2026-28688: A heap-use-after-free vulnerability exists in the
     MSL encoder, where a cloned image is destroyed twice. The MSL coder does
     not support writing MSL so the write capability has been removed.
   * Fix CVE-2026-28689: domain="path" authorization is checked before final
     file open/use. A symlink swap between check-time and use time bypasses
     policy-denied read/write
   * Fix CVE-2026-28690: a stack buffer overflow vulnerability exists in the
     MNG encoder. There is a bounds check missing that could corrupt the
     stack with attacker-controlled data.
   * Fix CVE-2026-28691: An uninitialized pointer dereference vulnerability
     exists in the JBIG decoder due to a missing check
   * Fix CVE-2026-28692: The MAT decoder uses 32-bit arithmetic due to
     incorrect parenthesization resulting in a heap over-read.
   * Fix CVE-2026-28693: An integer overflow in DIB coder can result in out
     of bounds read or write
   * Fix CVE-2026-30883: An extremely large image profile could result in a
     heap overflow when encoding a PNG image.
   * Fix CVE-2026-30929: MagnifyImage uses a fixed-size stack buffer. When
     using a specific image it is possible to overflow this buffer and
     corrupt the stack.
   * Fix CVE-2026-30931: A heap-based buffer overflow in the UHDR encoder can
     happen due to truncation of a value and it would allow an out of bounds
     write.
   * Fix CVE-2026-30935: BilateralBlurImage contains a heap buffer over-read
     caused by an incorrect conversion. When processing a crafted image with
     the -bilateral-blur operation an out of bounds read can occur.
   * Fix CVE-2026-30936: A crafted image could cause an out of bounds heap
     write inside the WaveletDenoiseImage method. When processing a crafted
     image with the -wavelet-denoise operation an out of bounds write can
     occur.
   * Fix CVE-2026-30937: A 32-bit unsigned integer overflow in the XWD
     (X Windows) encoder can cause an undersized heap buffer allocation.
     When writing an extremely large image an out of bounds heap write can
     occur
   * Fix CVE-2026-31853: An overflow on 32-bit systems can cause a crash in
     the SFW decoder when processing extremely large images.
   * Fix CVE-2026-32259: When a memory allocation fails in the sixel encoder
     it would be possible to write past the end of a buffer on the stack
   * Port SVG and MSL coder to 7.1.2-16