Debian Patches
Status for imagemagick/8:6.9.11.60+dfsg-1.6+deb12u8
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| CVE-2026-25988.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7 sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks (cherry picked from commit d2e99064d65f5955f39d92e4b208089409118683) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/d2e99064d65f5955f39d92e4b208089409118683 | 2026-02-07 |
| CVE-2026-25989_pre1.patch | optimize cast methods (cherry picked from commit 638ef47e90fe7de9717cf96018a271bf256ad080) |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/638ef47e90fe7de9717cf96018a271bf256ad080 | 2025-10-18 | |
| CVE-2026-25989_pre2.patch | https://github.com/ImageMagick/ImageMagick/issues/8556 (cherry picked from commit 370cdbdfd5ede94c2136d4cf20fe1aab21e38388) |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/370cdbdfd5ede94c2136d4cf20fe1aab21e38388 | 2026-02-04 | |
| CVE-2026-25989.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7355-pwx2-pm84 (cherry picked from commit 7fc7208f8f3073d768b8b1658fd6ecda1ef6e1c5) |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/7fc7208f8f3073d768b8b1658fd6ecda1ef6e1c5 | 2026-02-07 | |
| CVE-2026-26066.patch | Fixed possible infinite loop (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v994-63cg-9wj3) (cherry picked from commit c20c915e2fea200b6210b4759a6f83bba077ed78) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/c20c915e2fea200b6210b4759a6f83bba077ed78 | 2026-02-12 |
| CVE-2026-32259.patch | Added extra check to prevent out of bounds write when color reduction fails (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-49hx-7656-jpg3) (cherry picked from commit 812ff3ef91967d367aa7a087a31b94f3b2a267ee) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/812ff3ef91967d367aa7a087a31b94f3b2a267ee | 2026-03-07 |
| GetMagickThreadFilename.patch | Add GetMagickThreadFilename Extract GetMagickThreadFilename from 6.9.13-41 |
Bastien Roucariès <rouca@debian.org> | no | 2026-03-17 | ||
| port-msl-svg-to-6.9.13-41.patch | port coders/msl.c coders/svg.c to 6.9.13-41 | Bastien Roucariès <rouca@debian.org> | no | 2026-03-17 | ||
| revert-delegate-change.patch | Revert "No longer redirect the output with inkscape because this causes issues on Windows." This reverts commit 08178d7e2dbdd4069b1b261c454afd09e37cdd4b. [backport] - this fix a regression on i386 |
Bastien Roucariès <rouca@debian.org> | no | 2026-04-12 | ||
| i386-fix.patch | Fix failure to convert for i386 | Bastien Roucariès <rouca@debian.org> | invalid | 2026-03-31 | ||
| CVE-2026-32636.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-354p-2qx7-jg9g (cherry picked from commit a04a9a514c70c9533ccb9f6ff80102a1b9a6445b) The NewXMLTree method contains a bug that could result in a crash due to an out of write bounds of a single zero byte |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/a04a9a514c70c9533ccb9f6ff80102a1b9a6445b | 2026-03-12 | |
| CVE-2026-33535.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mw3m-pqr2-qv7c (cherry picked from commit 3bdfa6a73a6c0ba5f2d0986cd2a1892c37f796f3) |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/3bdfa6a73a6c0ba5f2d0986cd2a1892c37f796f3 | 2026-03-21 | |
| CVE-2026-33536.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8793-7xv6-82cf (cherry picked from commit 3ed2120f70ee9ff0c6cac2375e5821c52c381b4c) |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/3ed2120f70ee9ff0c6cac2375e5821c52c381b4c | 2026-03-20 | |
| CVE-2026-26283.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gwr3-x37h-h84v a `continue` statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang (Denial of Service) with a crafted image. (cherry picked from commit 8b47529f22404853d22205583087add01ea9fae8) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick6/commit/8b47529f22404853d22205583087add01ea9fae8 | 2026-02-13 |
| CVE-2026-27798.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpgx-jfcq-r59f a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/59edeec2b2adf2ca37454d622f3bca2a61893146 | 2026-02-17 |
| CVE-2026-27799.patch | Corrected type to avoid an overflow (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2) (cherry picked from commit 958ca384aa84ca48fbe3af07bb8d1708ab4d6143) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/958ca384aa84ca48fbe3af07bb8d1708ab4d6143 | 2026-02-10 |
| CVE-2026-25985.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v7g2-m8c5-mf84 a crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate ~674 GB of memory, leading to an out-of-memory abort. (cherry picked from commit d186398f2c2f06692dc18eaf781042368c6659a5) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/d186398f2c2f06692dc18eaf781042368c6659a5 | 2026-02-07 |
| CVE-2026-25985_post1.patch | Set status to false to make sure the rest of the content is no longer parsed. (cherry picked from commit f089279cf9cb5bbc0532078aa3aaf7d7625307d1) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/f089279cf9cb5bbc0532078aa3aaf7d7625307d1 | 2026-03-06 |
| CVE-2026-26284_pre1.patch | More changes to improve the readability. (cherry picked from commit 621b8d831aa2922c6237cde35f86df78807494dc) |
Dirk Lemstra <dirk@lemstra.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/621b8d831aa2922c6237cde35f86df78807494dc | 2026-01-27 | |
| CVE-2026-26284.patch | Corrected loop initialization to prevent out of bounds read (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wrhr-rf8j-r842) (cherry picked from commit 5204a166fd2463905025378303c7e3715163d0e7) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/5204a166fd2463905025378303c7e3715163d0e7 | 2026-01-27 |
| CVE-2026-26983.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-w8mw-frc6-r7m8 The MSL interpreter crashes when processing a invalid `<map>` element that causes it to use an image after it has been freed (cherry picked from commit b34591e9067df9cd6fe73b71b1f0d20b3c2bbbc0) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/b34591e9067df9cd6fe73b71b1f0d20b3c2bbbc0 | 2026-02-16 |
| CVE-2026-25796_post1.patch | coders/stegano.c: destroy watermark image prior to throwing exception (#398) (cherry picked from commit 2024ae1d10a7481d04fb717b3fa9170fd294a8f3) |
Ian Constantin <iconstantin94@gmail.com> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/2024ae1d10a7481d04fb717b3fa9170fd294a8f3 | 2026-02-26 |
| CVE-2026-28494.patch | Added checks to avoid possible stack corruption (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-932h-jw47-73jm) | Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/f6cd30e0493635eb0b8a4e3dd93c1ac14a35a7e9 | 2026-02-28 |
| CVE-2026-28686_28687_28688_28689_28690_28692.patch | jumbo security patch (cherry picked from commit 6a602fb36f181a0089848344a3b0d79fc6155a2b) Fix CVE-2026-28686, CVE-2026-28688, CVE-2026-28689, CVE-2026-28690, CVE-2026-28691, CVE-2026-28692 This fix supersed fixes for CVE-2026-28687 |
Cristy <urban-warrior@imagemagick.org> | no | backport, https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b | 2026-02-22 | |
| CVE-2026-28693_pre1.patch | https://gist.github.com/mescuwa/9197f4317a69559cdf87d0bfab6fa473 (cherry picked from commit 98b5af39db1a18153abf0b2ad604dc112de94fba) |
Cristy <urban-warrior@imagemagick.org> | no | backport, https://github.com/ImageMagick/ImageMagick6/commit/98b5af39db1a18153abf0b2ad604dc112de94fba | 2025-08-23 | |
| CVE-2026-28693_1.patch | https://github.com/ImageMagick/ImageMagick/pull/8573 (cherry picked from commit c54e9b365118972f939b0efcdd5087e106eb8945) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick6/commit/c54e9b365118972f939b0efcdd5087e106eb8945 | 2026-02-28 |
| CVE-2026-28693_2.patch | Added extra check. (cherry picked from commit b13562f805d36de13c7c66c5fca6a6505495aae1) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/b13562f805d36de13c7c66c5fca6a6505495aae1 | 2026-03-01 |
| 0001-Fix-br-tag.patch | Fix br tag find . -path './.git' -prune -o -type 'f' -name '*.html' -exec sed -i 's,<br>,<br />,g' {} \; |
Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | 2018-02-02 | ||
| 0002-Fix-api-Image-.html.patch | Fix api/Image++.html | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | 2016-12-14 | ||
| 0003-Fix-www-api-mophologie.html.patch | Fix www/api/mophologie.html | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | 2016-12-14 | ||
| 0004-Fix-www-command-line-options.html.patch | Fix www/command-line-options.html | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | 2016-12-14 | ||
| 0005-Use-modern-idiom-for-autoconf.patch | Use modern idiom for autoconf | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | 2015-09-15 | ||
| 0006-Allow-distribution-to-custumize-the-html-pointer-to-.patch | Allow distribution to custumize the html pointer to documentation Allow to say on debian system you might install the imagemagick-doc package |
Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | debian | 2018-02-02 | |
| 0007-Improve-policy-in-order-to-be-safer.patch | Improve policy in order to be safer Limit memory and disk to safe value. Disable http delegate. You should really use curl |
Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | no | 2016-11-22 | ||
| 0008-Fix-remaining-error-in-html-files.patch | Fix remaining error in html files | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | no | 2017-03-18 | ||
| 0009-Improve-man-page-to-use-version-information-and-quan.patch | Improve man page to use version information and quantum Use ls *.in |sed 's,[.]1.in,,g' |xargs -n1 sh -c 'sed -i "s,$1(1),$1-im@MAGICK_MAJOR_VERSION@.@MAGICK_ABI_SUFFIX_LC@(1),g" *.in' sedtest use ls *.in |sed 's,[.]1.in,,g' |xargs -n1 sh -c 'sed -i "s,fB$1,fB$1-im@MAGICK_MAJOR_VERSION@.@MAGICK_ABI_SUFFIX_LC@,g" *.in' sedtest use ls *.in |sed 's,[.]1.in,,g' |xargs -n1 sh -c 'sed -i "s,.TH $1,.TH $1-im@MAGICK_MAJOR_VERSION@.@MAGICK_ABI_SUFFIX_LC@,g" *.in' sedtest |
Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | no | 2017-03-21 | ||
| 0010-Fix-changelog-tag-mismatch.patch | Fix changelog tag mismatch | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | no | 2017-06-04 | ||
| 0011-Fix-html-error-in-api-Image-.html.patch | Fix html error in api/Image++.html | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | 2017-08-11 | ||
| 0012-Fix-www-escape.html.patch | Fix www/escape.html | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | 2017-08-11 | ||
| 0013-Fix-www-magick-script.html.patch | Fix www/magick-script.html | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | 2017-08-11 | ||
| 0014-Fix-www-support.html.patch | Fix www/support.html | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | 2017-08-11 | ||
| 0015-Fix-instead-of-lt-and-input-form.patch | Fix < instead of < and input form | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | 2018-02-03 | ||
| 0016-Fix-another-errors-in-html-files.patch | Fix another errors in html files | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | 2018-03-19 | ||
| 0017-Fix-index.html.patch | Fix index.html | Bastien Roucariès <rouca@debian.org> | invalid | 2018-07-30 | ||
| 0018-Fix-end-tags.patch | Fix end tags | Bastien Roucariès <rouca@debian.org> | invalid | 2018-07-30 | ||
| 0019-Fix-a-few-html-error.patch | Fix a few html error | Bastien Roucariès <rouca@debian.org> | invalid | 2020-07-26 | ||
| 0020-Fix-a-typo-in-manpage.patch | Fix a typo in manpage | Bastien Roucariès <rouca@debian.org> | no | 2020-07-27 | ||
| 0021-Finalize-fixing-error-in-html.patch | Finalize fixing error in html | Bastien Roucariès <rouca@debian.org> | no | 2021-01-11 | ||
| 0022-FIx-error-in-new-upstream-html.patch | FIx error in new upstream html | Bastien Roucariès <rouca@debian.org> | invalid | 2021-02-01 | ||
| 0001-https-github.com-ImageMagick-ImageMagick6-issues-145.patch | https://github.com/ImageMagick/ImageMagick6/issues/145 | Cristy <mikayla-grace@urban-warrior.org> | no | 2021-04-10 | ||
| 0023-disable-ghostscript-formats.patch | disable ghostscript handled formats based on -SAFER insecurity Based on Tavis Ormandy's Recommendations |
Steve Beattie <steve.beattie@canonical.com> | no | |||
| move-profile-property-to-cli-option.patch | move `-set profile` handler to CLI | Cristy <urban-warrior@imagemagick.org> | no | 2023-02-03 | ||
| CVE-2021-20241.patch | fix division by zero in WriteJP2Image() in coders/jp2.c | Zhang Xiaohui <ruc_zhangxiaohui@163.com> | no | 2021-02-02 | ||
| CVE-2021-20243.patch | https://github.com/ImageMagick/ImageMagick/pull/3177 | Cristy <mikayla-grace@urban-warrior.org> | no | 2021-02-03 | ||
| CVE-2021-20244.patch | uses the PerceptibleReciprocal() to prevent the divide-by-zero from occurring (#3194) (cherry picked from commit 329dd528ab79531d884c0ba131e97d43f872ab5d) This backports the fix for CVE-2021-20244 to IM6. |
ruc_zhangxiaohui <553441439@qq.com> | no | 2021-02-04 | ||
| CVE-2021-20245.patch | https://github.com/ImageMagick/ImageMagick/issues/3176 | Cristy <mikayla-grace@urban-warrior.org> | no | 2021-02-03 | ||
| CVE-2021-20246.patch | https://github.com/ImageMagick/ImageMagick/issues/3195 | Cristy <mikayla-grace@urban-warrior.org> | no | 2021-02-03 | ||
| CVE-2021-20309.patch | https://github.com/ImageMagick/ImageMagick/issues/3296 | Cristy <mikayla-grace@urban-warrior.org> | no | 2021-02-25 | ||
| CVE-2021-20312_20313.patch | possible divide by zero + clear buffers | Cristy <mikayla-grace@urban-warrior.org> | no | 2021-02-25 | ||
| CVE-2021-3574.patch | https://github.com/ImageMagick/ImageMagick/issues/3540 | Cristy <mikayla-grace@urban-warrior.org> | no | 2021-04-13 | ||
| CVE-2021-39212.patch | Use the correct rights. | Dirk Lemstra <dirk@lemstra.org> | no | 2021-09-11 | ||
| CVE-2021-4219.patch | https://github.com/ImageMagick/ImageMagick/issues/4626 | Cristy <mikayla-grace@urban-warrior.org> | no | 2021-12-22 | ||
| CVE-2022-1114.patch | Coders: https://github.com/ImageMagick/ImageMagick/issues/4947 | Cristy <urban-warrior@imagemagick.org> | no | 2022-03-15 | ||
| CVE-2022-28463.patch | https://github.com/ImageMagick/ImageMagick/issues/4988 | Cristy <urban-warrior@imagemagick.org> | no | 2022-03-26 | ||
| CVE-2022-32545.patch | Pull request: https://github.com/ImageMagick/ImageMagick/pull/4963 | Cristy <urban-warrior@imagemagick.org> | no | 2022-03-19 | ||
| CVE-2022-32546.patch | https://github.com/ImageMagick/ImageMagick/pull/4986 | Cristy <urban-warrior@imagemagick.org> | no | 2022-03-24 | ||
| CVE-2022-32547.patch | https://github.com/ImageMagick/ImageMagick/pull/5034 | Cristy <urban-warrior@imagemagick.org> | no | 2022-04-09 | ||
| 0041-1-2-CVE-2021-3610-eliminate-heap-buffer-overflow-vul.patch | [1/2] CVE-2021-3610 eliminate heap buffer overflow vulnerability in TIFF coder thanks to ZhangJiaxing (@r0fm1a) from Codesafe Team of Legendsec at Qi'anxin Group |
Cristy <mikayla-grace@urban-warrior.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/b307bcadcdf6ea6819951ac1786b7904f27b25c6.patch | 2021-05-27 |
| 0042-2-2-CVE-2021-3610-eliminate-heap-buffer-overflow-vul.patch | [2/2] CVE-2021-3610 eliminate heap buffer overflow vulnerability in TIFF coder Thanks to ZhangJiaxing (@r0fm1a) from Codesafe Team of Legendsec at Qi'anxin Group (cherry picked from commit c75ae771a00c38b757c5ef4b424b51e761b02552) |
Cristy <mikayla-grace@urban-warrior.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/b307bcadcdf6ea6819951ac1786b7904f27b25c6.patch | 2021-05-30 |
| 0043-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch | heap-based buffer overflow in TIFF coder (alert from Hunter Mitchell) | Cristy <mikayla-grace@urban-warrior.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/e1fbcdf3aad96d51db65c1601117396eac665a6d | 2021-07-26 |
| 0044-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch | heap-based buffer overflow in TIFF coder (alert from Hunter Mitchell) | Cristy <mikayla-grace@urban-warrior.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/35b88c9166bc1b3ce8893f52217bae00d8e2c532 | 2021-07-26 |
| 0045-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch | heap-based buffer overflow in TIFF coder (alert from Hunter Mitchell) | Cristy <mikayla-grace@urban-warrior.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/f90a091c7dd12cc53b0999bf49d1c80651534eea | 2021-07-26 |
| 0046-Fix-a-non-initialized-value-passed-to-TIFFGetField.patch | Fix a non initialized value passed to TIFFGetField() | Cristy <mikayla-grace@urban-warrior.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/995de330310dd35531165d9471fe4d31e0fa79ae | 2021-09-03 |
| 0047-initialize-buffer-before-calling-TIFFGetField.patch | initialize buffer before calling TIFFGetField() | Cristy <mikayla-grace@urban-warrior.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/995de330310dd35531165d9471fe4d31e0fa79ae | 2021-09-04 |
| 0048-Fix-stack-overflow-when-parsing-malicious-tiff-image.patch | Fix stack overflow when parsing malicious tiff image (cherry picked from commit 85a370c79afeb45a97842b0959366af5236e9023) |
Cristy <mikayla-grace@urban-warrior.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/85a370c79afeb45a97842b0959366af5236e9023 | 2021-10-19 | |
| 0049-early-exit-on-exception.patch | early exit on exception In case of malformed tiff image bail early (cherry picked from commit b272acab91444f2115099fe51ee6c91bb4db5d50) |
Cristy <mikayla-grace@urban-warrior.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/b272acab91444f2115099fe51ee6c91bb4db5d50 | 2021-11-06 | |
| 0050-Fix-buffer-overrun-in-TIFF-coder.patch | Fix buffer overrun in TIFF coder | Cristy <mikayla-grace@urban-warrior.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/2204eb57ae00b005b39165a47b8984eac01600a5 | 2021-03-14 | |
| 0051-Fix-buffer-overrun-in-TIFF-coder.patch | Fix buffer overrun in TIFF coder | Cristy <mikayla-grace@urban-warrior.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/add9cb14e14eef02806715d97abcf5d04a3e55dd | 2021-12-17 | |
| 0052-Fix-buffer-overrun-in-TIFF-coder.patch | Fix buffer overrun in TIFF coder | Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/de6ada9a068b01494bfb848024ed46942da9d238 | 2022-03-17 |
| 0053-Fix-unintialised-value.patch | Fix unintialised value | Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/409d42205927c98cbb852ca96e109716f38f04ab | 2022-02-11 |
| 0054-Raise-exception-when-image-could-not-be-read-but-no-.patch | Raise exception when image could not be read but no exception was raised. Bail out in case of corrupted image https://github.com/ImageMagick/ImageMagick6/commit/3e15c68efcb1e6383c93e7dfe38ba6c37e614d1b (cherry picked from commit 3e15c68efcb1e6383c93e7dfe38ba6c37e614d1b) |
Dirk Lemstra <dirk@lemstra.org> | no | 2022-02-19 | ||
| 0055-CVE-2022-1115-heap-based-overflow-with-a-specially-c.patch | CVE-2022-1115: heap based overflow with a specially crafted TIFF image | Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51 | 2022-03-22 |
| 0056-CVE-2023-1289-recursion-detection-framework.patch | CVE-2023-1289: recursion detection framework | Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/e8c0090c6d2df7b1553053dca2008e96724204bf | 2023-03-06 | |
| 0057-CVE-2023-1289-recursion-detection.patch | CVE-2023-1289 recursion detection | Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/706d381b7eb79927d328c96f7b7faab5dc109368 | 2023-03-06 |
| 0058-CVE-2023-1906.patch | CVE-2023-1906 A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d | 2023-04-01 | |
| 0059-1-2-Prepare-CVE-2023-34151-improved-range-checking.patch | [1/2] Prepare CVE-2023-34151 :improved range checking | Cristy <urban-warrior@imagemagick.org> | no | 2023-04-15 | ||
| 0060-2-2-Prepare-CVE-2023-34151-add-additional-checks-for.patch | [2/2] Prepare CVE-2023-34151: add additional checks for casting double to size_t | Cristy <urban-warrior@imagemagick.org> | no | 2023-04-13 | ||
| 0061-CVE-2023-34151-properly-cast-double-to-size_t.patch | CVE-2023-34151: properly cast double to size_t | Cristy <urban-warrior@imagemagick.org> | yes | upstream | 2023-05-17 | |
| 0062-heap-buffer-overflow-in-ImageMagick-7.1.1-12-contrib.patch | heap-buffer-overflow in ImageMagick <= 7.1.1-12, contributed by Hardik shah of Vehere (Dawn Treaders team) This fix CVE-2023-3428 |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/0d00400727170b0540a355a1bc52787bc7bcdea5 | 2023-06-26 | |
| 0063-Added-check-for-invalid-size.patch | Added check for invalid size. | Dirk Lemstra <dirk@lemstra.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/94f76dd2f760241bec51e7d66873e77a58d812ba.patch | 2021-11-30 | |
| 0064-improve-BMP-error-checking.patch | improve BMP error checking bug; https://github.com/ImageMagick/ImageMagick/issues/5980 |
Cristy <urban-warrior@imagemagick.org> | no | 2023-01-18 | ||
| 0065-CVE-2023-5341.patch | CVE-2023-5341 | Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/405684654eb9b43424c3c0276ea343681021d9e0 | 2023-09-24 | |
| 0066-CVE-2023-34151-properly-cast-double-to-size_t.patch | CVE-2023-34151: properly cast double to size_t forgot to cast double to unsigned int |
Cristy <urban-warrior@imagemagick.org> | yes | debian upstream | https://github.com/ImageMagick/ImageMagick6/commit/be15ac962dea19536be1009d157639030fc42be9.patch | 2024-04-23 |
| 0067-CVE-2023-34151.patch | CVE-2023-34151 This is a prerequist for fixing it magick produces incorrect result possibly due to overflow |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/8b7b17c8fef72dab479e6ca676676d8c5e395dd6 | 2022-02-21 |
| 0068-incorrect-bounds-checking-for-draw-affine-https-gith.patch | incorrect bounds checking for draw affine @ https://github.com/ImageMagick/ImageMagick/issues/5497 | Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/c5a9368d871943eceafce143bb87612b2a9623b2.patch | 2022-08-28 | |
| 0069-CVE-2023-34151.patch | CVE-2023-34151 improved range checking (https://github.com/ImageMagick/ImageMagick/issues/6341) |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/75ebd9975f6ba8106ec15a6b3e6ba95f4c14e117.patch | 2024-04-19 | |
| 0070-check-for-value-0-ceil-not-required.patch | check for value < 0, ceil() not required This patch addresses CVE-2023-34151, not a recurring bug of CVE-2022-32546. Cast from double to integer is hard to correctly and was fixed by a few patches upstream. |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/b72508c8fce196cd031856574c202490be830649.patch | 2024-04-19 |
| 0071-fix-undefined-behaviors-when-casting-double-to-size_.patch | fix undefined behaviors when casting double to size_t This is needed for fixing CVE-2023-34151 Cast from double to integer is hard to correctly and was fixed by a few patches upstream. |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/88789966667b748f14a904f8c9122274810e8a3e | 2024-04-19 |
| 0072-use-a-different-path-for-positive-and-negative-value.patch | use a different path for positive and negative values This is needed for fixing CVE-2023-34151 Cast from double to integer is hard to correctly and was fixed by a few patches upstream. |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/bc5ac19bd93895e5c6158aad0d8e49a0c50b0ebb.patch | 2024-04-20 | |
| 0073-use-instead-to-work-around-precision-limitations-of-.patch | use >= instead to work around precision limitations of a double. This is needed for fixing CVE-2023-34151 Cast from double to integer is hard to correctly and was fixed by a few patches upstream. |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/3252d4771ff1142888ba83c439588969fcea98e4.patch | 2024-04-23 | |
| 0074-CVE-2023-1289-recursion-detection-fail.patch | CVE-2023-1289: recursion detection fail This is a partial revert of the detection recursion of CVE-2023-1289. |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/1485a4c2cba8ca32981016fa25e7a15ef84f06f6.patch | 2023-03-06 | |
| 0075-improved-fix-for-possible-DoS-for-certain-SVG-constr.patch | improved fix for possible DoS for certain SVG constructs This is partial fix CVE-2023-1289 |
Cristy <mikayla-grace@urban-warrior.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/84ec30550c3146f525383f18a786a6bbd5028a93.patch | 2021-12-23 | |
| 0076-permit-compositing-MPRI-images.patch | permit compositing MPRI images This fix follow up of CVE-2023-1289 |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/4dd4d0df449acb13fb859041b4996af58243e352.patch | 2022-01-29 | |
| 0077-VID-images-not-permitted-when-compositing.patch | VID images not permitted when compositing This fix followup of CVE-2023-1289 |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/f4529c0dcf3a8f96c438086b28fbef8338cda0b1.patch | 2022-01-31 | |
| 0078-do-not-composite-SVG-to-avoid-possible-recursion.patch | do not composite SVG to avoid possible recursion This is part of fix of CVE-2023-1289 |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/75aac79108af0c0b0d7fc88b1f09c340b0d62c85.patch | 2023-03-06 | |
| 0079-recursion-detection-framework.patch | recursion detection framework Avoid a memory leak in previous patches |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/060660bf45e0771cf0431e5c2749aa51fabf23f8.patch | 2023-03-06 | |
| 0080-Fixed-memory-leak.patch | Fixed memory leak. | Dirk Lemstra <dirk@lemstra.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/c90e79b3b22fec309cab55af2ee606f71b027b12.patch | 2023-07-16 | |
| 0001-Update-the-image-depth-after-this-has-been-changed-b.patch | Update the image depth after this has been changed by SetQuantumFormat. | Dirk Lemstra <dirk@lemstra.org> | no | 2025-02-11 | ||
| CVE-2025-53014.patch | Correct out of bounds read of a single byte. | Dirk Lemstra <dirk@lemstra.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03 | 2025-06-26 |
| CVE-2025-53019.patch | Fixed memory leak when entering StreamImage multiple times. | Dirk Lemstra <dirk@lemstra.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c | 2025-06-27 |
| CVE-2025-53101.patch | CVE-2025-53101 | Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/643deeb60803488373cd4799b24d5786af90972e | 2025-06-27 |
| CVE-2025-55154.patch | CVE-2025-55154 | Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/14234b2d3be45af1f71ffafd260532bbd8f81d39 | 2025-08-09 |
| statistic-private.patch | Private alias for easing backport | Bastien Roucariès <rouca@debian.org> | no | backport, https://github.com/ImageMagick/ImageMagick/commit/7e5d87fe6e92b6cc3e96d5175974626317512dd9 | 2025-09-07 | |
| CVE-2025-55212-1.patch | Added checks for invalid with or height to ThumbnailImage | Dirk Lemstra <dirk@lemstra.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick6/commit/5fddcf974342d8e5e02f604bc2297c038e3d4196 | 2025-08-14 |
| CVE-2025-55212-2.patch | CVE-2025-55212 | Cristy <urban-warrior@imagemagick.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick6/commit/3482953ef0af1e538cb776162a8d278141e0b9a0 | 2025-08-17 |
| CVE-2025-55298-pre1.patch | CVE-2025-55298 prepare Crop filename pattern %03d no longer works in ImageMagick 7 (cherry picked from commit 1242136dfdbb2549bacdaddb9b8a5e75fe043789) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/1242136dfdbb2549bacdaddb9b8a5e75fe043789 | 2025-07-19 |
| CVE-2025-55298-pre2.patch | commit 2a68d6873954b05d4fad678dc8ff811416915c48 eliminate compiler exception =================================================================== |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick/commit/2a68d6873954b05d4fad678dc8ff811416915c48 | 2025-07-19 | |
| CVE-2025-55298-pre3.patch | CVE-2025-55298 prepare don't forget the end filename segment (cherry picked from commit 29e72edc9d3a4e87c4d6d102a8e2a7e0e9054ee4) |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick/commit/29e72edc9d3a4e87c4d6d102a8e2a7e0e9054ee4 | 2025-07-19 | |
| CVE-2025-55298-pre4.patch | CVE-2025-55298 prepare more boundary checks (cherry-picked from c70a18c3ac9579e25255fe0279bf81878a403b66) |
Cristy <urban-warrior@imagemagick.org> | no | backport, https://github.com/ImageMagick/ImageMagick/commit/c70a18c3ac9579e25255fe0279bf81878a403b66 | 2025-07-19 | |
| CVE-2025-55298-1.patch | [1/2] CVE-2025-55298 (cherry picked from commit 731ce3a7aa7fabebaa322711c04ce5f5cf22edf4) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/731ce3a7aa7fabebaa322711c04ce5f5cf22edf4 | 2025-08-17 |
| CVE-2025-55298-2.patch | [2/2] CVE-2025-55298 (cherry picked from commit d789bdf7aabb955b88fbc95653aa9dbf6c5d259f) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/d789bdf7aabb955b88fbc95653aa9dbf6c5d259f | 2025-08-17 |
| CVE-2025-57803-pre1.patch | correct bytes per line calculation | Cristy <urban-warrior@imagemagick.org> | no | backport, https://github.com/ImageMagick/ImageMagick6/337225582be0e4b3c6a395c5fcc2732684a2b3ab | 2023-10-20 | |
| CVE-2025-57803.patch | CVE-2025-57803 (cherry picked from commit e49c68c88eed6e68145480a471650daa9ed87217) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/e49c68c88eed6e68145480a471650daa9ed87217 | 2025-08-23 |
| CVE-2025-57807.patch | CVE-2025-57807 (cherry picked from commit ab1bb3d8ed06d0ed6aa5038b6a74aebf53af9ccf) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/ab1bb3d8ed06d0ed6aa5038b6a74aebf53af9ccf | 2025-08-24 |
| CVE-2025-62171.patch | Added extra check to resolve issue on 32-bit systems (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm) (cherry picked from commit 456771fae8baa9558a1421ec8d522e6937d9b2d7) |
Dirk Lemstra <dirk@lemstra.org> | yes | debian upstream | https://github.com/ImageMagick/ImageMagick6/commit/456771fae8baa9558a1421ec8d522e6937d9b2d7 | 2025-10-12 |
| CVE-2025-65955.patch | Correct incorrect free (GHSA-q3hc-j9x5-mp9m) (cherry picked from commit 7d4c27fd4cb2a716a9c1d3346a5e79a692cfe6d8) |
Dirk Lemstra <dirk@lemstra.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/7d4c27fd4cb2a716a9c1d3346a5e79a692cfe6d8 | 2025-11-23 | |
| CVE-2025-66628.patch | Added extra check to avoid an overflow on 32-bit machines (GHSA-6hjr-v6g4-3fm8) (cherry picked from commit 7779f1ff772dfabe545c67fb2f3bfa8f7a845a2d) |
Dirk Lemstra <dirk@lemstra.org> | no | debian | https://github.com/ImageMagick/ImageMagick6/commit/7779f1ff772dfabe545c67fb2f3bfa8f7a845a2d | 2025-12-02 |
| CVE-2025-68469.patch | CVE-2025-68469 While Processing a crafted TIFF file, imagemagick crashes. Note that this patch fix also CVE-2023-3428 that is a variation of CVE-2025-68469 |
Bastien Roucariès <rouca@debian.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/issues/8508#issuecomment-3699838767 | 2025-12-30 |
| CVE-2025-68618.patch | CVE-2025-68618 [backport] - drop unrelated policy patch (cherry picked from commit 693c8497290ea0c7cac75d3068ea4fa70d7d507e) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick6/commit/693c8497290ea0c7cac75d3068ea4fa70d7d507e | 2025-12-21 |
| CVE-2025-68950.patch | CVE-2025-68950 | Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/5655e26ee9032a208ad9add1fde2877205d5e540 | 2025-12-26 |
| CVE-2025-69204.patch | CVE-2025-69204 (cherry picked from commit c46bc2a29d0712499173c6ffda1d38d7dc8861f5) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/c46bc2a29d0712499173c6ffda1d38d7dc8861f5 | 2025-12-27 |
| CVE-2026-23874.patch | MSL: Stack overflow via infinite recursion in ProcessMSLScript (cherry picked from commit fe2970bbbe02c6fe875cc2b269390a3165d57706) |
Cristy <urban-warrior@imagemagick.org> | yes | debian upstream | https://github.com/ImageMagick/ImageMagick6/commit/fe2970bbbe02c6fe875cc2b269390a3165d57706 | 2026-01-15 |
| CVE-2026-23876.patch | Added overflow checks to prevent an out of bounds write (cherry picked from commit 536512a2c60cd6e8c21c1256c2ee4da48d903e0c) |
Dirk Lemstra <dirk@lemstra.org> | yes | debian upstream | https://github.com/ImageMagick6/ImageMagick/commit/536512a2c60cd6e8c21c1256c2ee4da48d903e0c | 2026-01-18 |
| CVE-2026-23952.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8 (cherry picked from commit 0e4023775c8859d2b802e8b459a27b599ca8403a) |
Cristy <urban-warrior@imagemagick.org> | yes | debian upstream | backport, https://github.com/ImageMagick6/ImageMagick/commit/0e4023775c8859d2b802e8b459a27b599ca8403a | 2026-01-15 |
| CVE-2026-24481.patch | Initialize the pixels with empty values to prevent possible heap information disclosure (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36) (cherry picked from commit 38872ec2a70084813883ea152f18497911823c18) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/38872ec2a70084813883ea152f18497911823c18 | 2026-01-25 |
| CVE-2026-24484_1.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wg3g-gvx5-2pmv Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS (cherry picked from commit c47b28f700fc454e4f7c16e197a55149120697ea) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/c47b28f700fc454e4f7c16e197a55149120697ea | 2026-01-23 |
| CVE-2026-24484_2.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wg3g-gvx5-2pmv Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS (cherry picked from commit 151dcb4f0246d1285cbd756a1f32797894ad5da5) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/151dcb4f0246d1285cbd756a1f32797894ad5da5 | 2026-01-24 |
| CVE-2026-30883.patch | Added extra check to prevent overflow that could result in a heap over-write (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc) (cherry picked from commit 3875619331d2c7c74a80d34665cbc06e6ed4359a) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/3875619331d2c7c74a80d34665cbc06e6ed4359a | 2026-03-06 |
| CVE-2026-30936.patch | CVE-2026-30936 a crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur |
Bastien Roucariès <rouca@debian.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/ffbbd7201e0ba08707849c0053aa703e076bf86e | 2026-03-17 |
| CVE-2026-30937.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpg4-j99f-8xcg (cherry picked from commit 42e5a37eeb60ca4fdede5060c0aa60802c2dc701) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/42e5a37eeb60ca4fdede5060c0aa60802c2dc701 | 2026-02-28 |
| CVE-2026-24485.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85 When a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service (cherry picked from commit 75904c39049ec0b8d81eb7131bb05c0b23ad3189) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/75904c39049ec0b8d81eb7131bb05c0b23ad3189 | 2026-01-22 |
| CVE-2026-25576_1.patch | No longer allow mutations on the first image of the list (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jv4p-gjwq-9r2j (cherry picked from commit 95db8ba0f445a798e823a86acdebe97de73de449) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/95db8ba0f445a798e823a86acdebe97de73de449 | 2026-01-25 |
| CVE-2026-25576_2.patch | Fixed out of bounds read in multiple coders that read raw pixel data (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jv4p-gjwq-9r2j) (cherry picked from commit 44b3140f3414ebc02c5fa8b80551f7d33950a87a) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick6/commit/44b3140f3414ebc02c5fa8b80551f7d33950a87a | 2026-01-25 |
| CVE-2026-25638.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xxw5-m53x-j38c#advisory-comment-159495 (cherry picked from commit c5b4a1c6ff347f66346cbec499f3e881da21faf3) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/c5b4a1c6ff347f66346cbec499f3e881da21faf3 | 2026-02-10 |
| CVE-2026-25795.patch | Fixed NULL pointer dereference in ReadSFWImage (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmm) (cherry picked from commit b2b4f0107ba3a4427f1b5ded803c1d2cc77f2a89) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/b2b4f0107ba3a4427f1b5ded803c1d2cc77f2a89 | 2026-02-06 |
| CVE-2026-25796.patch | Prevent memory leak in early exits (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w) (cherry picked from commit 29aeed740553ed4e5c544e101ac468be55a919ff) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/29aeed740553ed4e5c544e101ac468be55a919ff | 2026-02-06 |
| CVE-2026-25797_CVE-2026-25965_CVE-2026-25968_CVE-2026-25982.patch | jumbo security patch: addresses memory leak, stack overflow, out-of-bounds, integer overflow, OOB read Fix CVE-2026-25965, CVE-2026-25797, CVE-2026-25968 and CVE-2026-25982 (cherry picked from commit b4c37614b6da7695cb4f5b3c6e326a37bdf2b1a9) |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/b4c37614b6da7695cb4f5b3c6e326a37bdf2b1a9 | 2026-01-29 | |
| CVE-2026-25797_1_post.patch | fix compiler exception (cherry picked from commit 963cd0771923f4aabfe9047eab0752d88829bcdd) |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick6/commit/b4c37614b6da7695cb4f5b3c6e326a37bdf2b1a9 | 2026-01-29 | |
| CVE-2026-25797_2.patch | Properly escape the strings that are written as raw html (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v) (cherry picked from commit 7284564901441ddb04dadaad306e9f0fb527d71f) |
Dirk Lemstra <dirk@lemstra.org> | no | backport, https://github.com/ImageMagick/ImageMagick6/commit/7284564901441ddb04dadaad306e9f0fb527d71f | 2026-02-20 | |
| CVE-2026-25798.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4 NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. (cherry picked from commit 93a38e3a7bfb7a492409275321eca94df7cd03a7) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/93a38e3a7bfb7a492409275321eca94df7cd03a7 | 2026-02-01 |
| CVE-2026-31853.patch | Corrected the overflow check that can cause issues on 32-bit systems (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-56jp-jfqg-f8f4) (cherry picked from commit fa85920aa28ee1887cc3c5d7d5272b3650d3b168) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/fa85920aa28ee1887cc3c5d7d5272b3650d3b168 | 2026-03-02 |
| CVE-2026-25799.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6 a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service (cherry picked from commit 44c687dee38eb1a8053facb4a33dfa1e255875ea) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick6/commit/44c687dee38eb1a8053facb4a33dfa1e255875ea | 2026-01-31 |
| CVE-2026-25897.patch | Added extra check to prevent out of bounds heap write on 32-bit systems (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6j5f-24fw-pqp4) (cherry picked from commit 5e28bb254210580ac12234cc9ba4ae57c193129c) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/5e28bb254210580ac12234cc9ba4ae57c193129c | 2026-02-06 |
| CVE-2026-25898_1.patch | Fixed out of bound read with negative pixel index (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr) (cherry picked from commit 66d3a6497eb89b3ce2a7b86cc23be6d69bce9220) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/66d3a6497eb89b3ce2a7b86cc23be6d69bce9220 | 2026-02-06 |
| CVE-2026-25898_2.patch | Fixed out of bound read with negative pixel index (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr) (cherry picked from commit abfbcfe8e7884deb3560c74569c96ee4b068f3a6) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick6/commit/abfbcfe8e7884deb3560c74569c96ee4b068f3a6 | 2026-02-08 |
| CVE-2026-25970.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file (cherry picked from commit 9dd1ce6d8c1f66971cef275fb31cc079b9f4e186) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/9dd1ce6d8c1f66971cef275fb31cc079b9f4e186 | 2026-02-01 |
| CVE-2026-25983.patch | Run checks before accessing the image (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566). (cherry picked from commit e5d3ca6dfb76dccb5bdf73c74135e0fde2f9d0b7) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/e5d3ca6dfb76dccb5bdf73c74135e0fde2f9d0b7 | 2026-01-26 |
| CVE-2026-25986.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2 a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. (cherry picked from commit 99340686966580c06a1599e247dc41fb59a430c8) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/99340686966580c06a1599e247dc41fb59a430c8 | 2026-02-07 |
| CVE-2026-25987.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7 A heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. (cherry picked from commit a842cd896a19744b5577b6113990faaae14569b0) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick6/commit/a842cd896a19744b5577b6113990faaae14569b0 | 2026-02-07 |
All known versions for source package 'imagemagick'
- 8:7.1.2.18+dfsg1-1 (forky, sid)
- 8:7.1.1.43+dfsg1-1+deb13u7 (trixie-security, trixie-proposed-updates)
- 8:7.1.1.43+dfsg1-1+deb13u5 (trixie)
- 8:6.9.11.60+dfsg-1.6+deb12u8 (bookworm-security)
- 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm-proposed-updates)
- 8:6.9.11.60+dfsg-1.6+deb12u5 (bookworm)