Format: 1.8
Date: Wed, 21 Jan 2026 22:54:51 +0100
Source: imagemagick
Binary: imagemagick-7-common imagemagick-7-doc libimage-magick-perl
 libmagick++-7-headers libmagick++-dev libmagickcore-7-headers
 libmagickcore-dev libmagickwand-7-headers libmagickwand-dev perlmagick
Architecture: all
Version: 8:7.1.1.43+dfsg1-1+deb13u5
Distribution: trixie-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02)
Changed-By: Bastien Roucariès
Description:
 imagemagick-7-common - image manipulation programs -- infrastructure
 imagemagick-7-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libmagick++-7-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-7-headers - low-level image manipulation library - header files
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-7-headers - image manipulation library - headers files
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 1126074 1126075 1126076 1126077
Changes:
 imagemagick (8:7.1.1.43+dfsg1-1+deb13u5) trixie-security; urgency=high
 .
   * Fix CVE-2026-22770 (Closes: #1126074)
     The BilateralBlurImage method will allocate a set of double buffers
     inside AcquireBilateralTLS. The last element in the set is not
     properly initialized. This will result in a release of an invalid
     pointer inside DestroyBilateralTLS when the memory allocation fails.
   * Fix CVE-2026-23874 (Closes: #1126075)
     A stack overflow was found via infinite recursion in MSL
     (Magick Scripting Language) `` command when writing to MSL format.
   * Fix CVE-2026-23876 (Closes: #1126076)
     A heap buffer overflow vulnerability was found in the XBM image
     decoder (ReadXBMImage) that allows an attacker to write controlled
     data past the allocated heap buffer when processing a maliciously
     crafted image file. Any operation that reads or identifies an image
     can trigger the overflow, making it exploitable via common image
     upload and processing pipelines.
   * Fix CVE-2026-23952 (Closes: 1126077)
     NULL pointer dereference was found in MSL parser via tag
     before image load