Debian Patches
Status for imagemagick/8:7.1.1.43+dfsg1-1+deb13u7
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-Use-modern-idiom-for-autoconf.patch | Use modern idiom for autoconf | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | 2015-09-15 | ||
| 0002-Allow-distribution-to-custumize-the-html-pointer-to-.patch | Allow distribution to custumize the html pointer to documentation Allow to say on debian system you might install the imagemagick-doc package |
Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | debian | 2018-02-02 | |
| 0003-Improve-man-page-to-use-version-information-and-quan.patch | Improve man page to use version information and quantum Use ls *.in |sed 's,[.]1.in,,g' |xargs -n1 sh -c 'sed -i "s,$1(1),$1-im@MAGICK_MAJOR_VERSION@.@MAGICK_ABI_SUFFIX_LC@(1),g" *.in' sedtest use ls *.in |sed 's,[.]1.in,,g' |xargs -n1 sh -c 'sed -i "s,fB$1,fB$1-im@MAGICK_MAJOR_VERSION@.@MAGICK_ABI_SUFFIX_LC@,g" *.in' sedtest use ls *.in |sed 's,[.]1.in,,g' |xargs -n1 sh -c 'sed -i "s,.TH $1,.TH $1-im@MAGICK_MAJOR_VERSION@.@MAGICK_ABI_SUFFIX_LC@,g" *.in' sedtest |
Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | no | 2017-03-21 | ||
| 0004-Embeds-date-dependent-on-timezone.patch | Embeds date dependent on timezone Use date -u and dpkg-parsechangelog |
Vagrant Cascadian <vagrant@reproducible-builds.org> | yes | debian | 2021-08-30 | |
| 0005-Add-a-debian-policy.patch | Add a debian policy Install also other policy |
Bastien Roucariès <rouca@debian.org> | no | 2023-10-21 | ||
| 0006-html-DOCTYPE-in-upper-case.patch | html DOCTYPE in upper case find . -name '*.html' -exec sed -i 's,[!]doctype ,!DOCTYPE ,g' {} \; |
Bastien Roucariès <rouca@debian.org> | not-needed | 2024-12-29 | ||
| 0007-html-remove-cache-line.patch | html remove cache line find . -name '*.html' -exec sed -ip 's,^[<][!]-- Magick Cache.*$,,g' {} \; ease apply patches |
Bastien Roucariès <rouca@debian.org> | not-needed | 2024-12-29 | ||
| 0008-Fix-br-tag.patch | Fix br tag find . -path './.git' -prune -o -type 'f' -name '*.html' -exec sed -i 's,<br>,<br />,g' {} \; |
Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | 2018-02-02 | ||
| 0009-Fix-api-Image-.html.patch | Fix api/Image++.html | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | 2016-12-14 | ||
| 0010-Fix-www-api-mophologie.html.patch | Fix www/api/mophologie.html | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | 2016-12-14 | ||
| 0011-Fix-www-command-line-options.html.patch | Fix www/command-line-options.html | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | 2016-12-14 | ||
| 0012-Fix-remaining-error-in-html-files.patch | Fix remaining error in html files | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | no | 2017-03-18 | ||
| 0013-Fix-html-error-in-api-Image-.html.patch | Fix html error in api/Image++.html | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | 2017-08-11 | ||
| 0014-Fix-instead-of-lt-and-input-form.patch | Fix < instead of < and input form | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | 2018-02-03 | ||
| 0015-Fix-another-errors-in-html-files.patch | Fix another errors in html files | Bastien ROUCARIÈS <roucaries.bastien@gmail.com> | invalid | 2018-03-19 | ||
| 0016-Fix-a-few-html-error.patch | Fix a few html error | Bastien Roucariès <rouca@debian.org> | invalid | 2020-07-26 | ||
| 0017-Fix-a-typo-in-manpage.patch | Fix a typo in manpage | Bastien Roucariès <rouca@debian.org> | no | 2020-07-27 | ||
| 0018-Finalize-fixing-error-in-html.patch | Finalize fixing error in html | Bastien Roucariès <rouca@debian.org> | no | 2021-01-11 | ||
| 0019-Fix-www-Magick-index.html.patch | Fix www/Magick++/index.html | Bastien Roucariès <rouca@debian.org> | not-needed | 2023-06-18 | ||
| 0020-Add-input-end-tag.patch | Add input end tag sed -i -e 's,<input \([^>/]*[^/]\)>,<input \1 />,g' *.html |
Bastien Roucariès <rouca@debian.org> | not-needed | 2023-06-18 | ||
| 0021-Fix-another-html-file.patch | Fix another html file | Bastien Roucariès <rouca@debian.org> | not-needed | 2023-06-18 | ||
| 0022-Fix-remaining-http-error.patch | Fix remaining http error | Bastien Roucariès <rouca@debian.org> | not-needed | 2023-06-18 | ||
| 0023-Fix-html-error-in-6.9.12.98-dfsg1.patch | Fix html error in 6.9.12.98+dfsg1 | Bastien Roucariès <rouca@debian.org> | not-needed | 2023-10-10 | ||
| 0024-Fix-remaining-of-html-error.patch | Fix remaining of html error | Bastien Roucariès <rouca@debian.org> | invalid | 2023-11-01 | ||
| 0025-Add-missing-link-flags.patch | Add missing link flags | Bastien Roucariès <rouca@debian.org> | yes | 2023-11-05 | ||
| 0026-New-fix-of-html.patch | New fix of html | Bastien Roucariès <rouca@debian.org> | not-needed | 2023-12-26 | ||
| 0027-Remove-spurious-div.patch | Remove spurious div | Bastien Roucariès <rouca@debian.org> | not-needed | 2024-06-05 | ||
| 0028-Remove-spurious-div.patch | Remove spurious div | Bastien Roucariès <rouca@debian.org> | not-needed | 2024-06-05 | ||
| 0029-Remove-deprecation-warning.patch | Remove deprecation warning For debian it is too early to warn user |
Bastien Roucariès <rouca@debian.org> | not-needed | 2024-06-26 | ||
| 0030-Fix-remaining-www-error.patch | Fix remaining www error | Bastien Roucariès <rouca@debian.org> | not-needed | 2024-10-27 | ||
| 0031-Remove-adsbygoogle-script.patch | Remove adsbygoogle script find . -name '*.html' -exec sed -ip 's,^.*js/adsbygoogle.js.*$,,g' {} \; |
Bastien Roucariès <rouca@debian.org> | not-needed | 2024-12-29 | ||
| 0032-Remove-cse-script.patch | Remove cse script find . -name '*.html' -exec sed -ip 's,^.*localhost/cse.js.*$,,g' {} \; |
Bastien Roucariès <rouca@debian.org> | not-needed | 2024-12-29 | ||
| 0033-Fix-remaining-html-error.patch | Fix remaining html error | Bastien Roucariès <rouca@debian.org> | not-needed | 2024-12-29 | ||
| 0034-Fix-html-error-1034333.patch | Fix html error #1034333 find . -name '*.html' -exec sed -ip 's,^.*src=["]https://github.com/sponsors/ImageMagick/button["].*$,,g' {} \; |
Bastien Roucariès <rouca@debian.org> | no | debian | 2024-12-29 | |
| CVE-2025-43965.patch | Update the image depth after this has been changed by SetQuantumFormat. | Dirk Lemstra <dirk@lemstra.org> | no | https://github.com/ImageMagick/ImageMagick/commit/bac413a26073923d3ffb258adaab07fb3fe8fdc9 | 2025-02-08 | |
| CVE-2025-46393.patch | multispectral MIFF images renders all channels in arbitrary order | Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick/commit/81ac8a0d2eb21739842ed18c48c7646b7eef65b8 | 2025-02-07 | |
| CVE-2025-53014.patch | Correct out of bounds read of a single byte. | Dirk Lemstra <dirk@lemstra.org> | yes | debian upstream | https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03 | 2025-06-26 |
| CVE-2025-53015_1.patch | Added extra checks to make sure we don't get stuck in the while loop. | Dirk Lemstra <dirk@lemstra.org> | yes | debian upstream | https://github.com/ImageMagick/ImageMagick/commit/229fa96a988a21d78318bbca61245a6ed1ee33a0 | 2025-05-02 |
| CVE-2025-53015_2.patch | Added missing return. | Dirk Lemstra <dirk@lemstra.org> | yes | debian upstream | https://github.com/ImageMagick/ImageMagick/commit/38631605e6ab744548a561797472cf8648bcfe26 | 2025-05-12 |
| CVE-2025-53101.patch | [PATCH] https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9 | Cristy <urban-warrior@imagemagick.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774 | 2025-06-27 |
| CVE-2025-53019.patch | Fixed memory leak when entering StreamImage multiple times. | Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c | 2025-06-27 |
| CVE-2025-55004.patch | CVE-2025-55004 | Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/55d97055e00a7bc7ae2776c99824002fbb4a72aa | 2025-08-07 |
| CVE-2025-55005.patch | CVE-2025-55005 | Cristy <urban-warrior@imagemagick.org> | yes | upstream | 2025-08-07 | |
| CVE-2025-55154.patch | CVE-2025-55154 | Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/db986e4782e9f6cc42a0e50151dc4fe43641b337 | 2025-08-09 |
| statistic-private.patch | Private alias for easing backport | ImageMagick Packaging Team | no | backport, https://github.com/ImageMagick/ImageMagick/commit/7e5d87fe6e92b6cc3e96d5175974626317512dd9 | 2025-09-07 | |
| CVE-2025-55212_1.patch | CVE-2025-55212 Added checks for invalid with or height to ThumbnailImage (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/43d92bf855155e8e716ecbb50ed94c2ed41ff9f6.patch | 2025-08-14 |
| CVE-2025-55212_2.patch | CVE-2025-55212 [backport] * include private header |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/5f0bcf986b8b5e90567750d31a37af502b73f2af | 2025-08-17 |
| CVE-2025-55298-pre1.patch | CVE-2025-55298 prepare Crop filename pattern %03d no longer works in ImageMagick 7 |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/82550750ec8f79393b381c3ed349dd495bbab8a7 | 2025-07-19 |
| CVE-2025-55298-pre2.patch | CVE-2025-55298 prepare don't forget the end filename segment |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick/commit/d46d1e5be71c865f674f27ec1031a871c1cc48ab | 2025-07-19 | |
| CVE-2025-55298-pre3.patch | CVE-2025-55298 prepare more boundary checks (cherry picked from commit 6c7c8d5866b9c0ce6cc76a741e05b9482716101e) |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick/commit/6c7c8d5866b9c0ce6cc76a741e05b9482716101e | 2025-07-19 | |
| CVE-2025-55298-1.patch | [1/2] CVE-2025-55298 (cherry picked from commit 1f93323df9d8c011c31bc4c6880390071f7fb895) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/1f93323df9d8c011c31bc4c6880390071f7fb895 | 2025-08-17 |
| CVE-2025-55298-2.patch | [2/2] CVE-2025-55298 (cherry picked from commit 439b362b93c074eea6c3f834d84982b43ef057d5) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5 | 2025-08-17 |
| CVE-2025-57803.patch | CVE-2025-57803 | Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/2c55221f4d38193adcb51056c14cf238fbcc35d7 | 2025-08-23 |
| CVE-2025-57807.patch | CVE-2025-57807 | Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e | 2025-08-24 |
| CVE-2025-62171.patch | Added extra check to resolve issue on 32-bit systems (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm) | Dirk Lemstra <dirk@lemstra.org> | yes | debian upstream | https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00 | 2025-10-12 |
| CVE-2025-62594.patch | CVE-2025-62594 [backport] In order to ease backport minimise difference of image-private.h and add compat wrapper (cherry picked from commit 7b47fe369eda90483402fcd3d78fa4167d3bb129) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/7b47fe369eda90483402fcd3d78fa4167d3bb129 | 2025-10-18 |
| CVE-2025-65955.patch | Correct incorrect free (GHSA-q3hc-j9x5-mp9m) | Dirk Lemstra <dirk@lemstra.org> | no | debian | https://github.com/ImageMagick/ImageMagick/commit/6f81eb15f822ad86e8255be75efad6f9762c32f8 | 2025-11-23 |
| CVE-2025-66628.patch | Added extra check to avoid an overflow on 32-bit machines (GHSA-6hjr-v6g4-3fm8) | Dirk Lemstra <dirk@lemstra.org> | no | debian | https://github.com/ImageMagick/ImageMagick/commit/bdae0681ad1e572defe62df85834218f01e6d670 | 2025-12-02 |
| CVE-2025-68618.patch | CVE-2025-68618 | Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb | 2025-12-21 |
| CVE-2025-68950_pre1.patch | vid: format not supported in vector graphics [backport] - strictly not needed but a good idea to remove unsupported vector graphics format - hardening from a security point of view |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick/commit/678372c9b4c6bad5bbcf998d5eca506103f587eb | 2025-02-09 | |
| CVE-2025-68950.patch | CVE-2025-68950 (cherry picked from commit 204718c2211903949dcfc0df8e65ed066b008dec) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/204718c2211903949dcfc0df8e65ed066b008dec | 2025-12-26 |
| CVE-2025-69204.patch | CVE-2025-69204 (cherry picked from commit 2c08c2311693759153c9aa99a6b2dcb5f985681e) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/2c08c2311693759153c9aa99a6b2dcb5f985681e | 2025-12-27 |
| CVE-2026-22770.patch | Correct memset initialization and add an overflow check (GHSA-39h3-g67r-7g3c) | Dirk Lemstra <dirk@lemstra.org> | yes | debian upstream | https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e | 2026-01-04 |
| CVE-2026-23874.patch | MSL: Stack overflow via infinite recursion in ProcessMSLScript (cherry picked from commit 2a09644b10a5b146e0a7c63b778bd74a112ebec3) |
Cristy <urban-warrior@imagemagick.org> | yes | debian upstream | https://github.com/ImageMagick/ImageMagick/commit/2a09644b10a5b146e0a7c63b778bd74a112ebec3 | 2026-01-15 |
| CVE-2026-23876.patch | Added overflow checks to prevent an out of bounds write (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8) (cherry picked from commit 2fae24192b78fdfdd27d766fd21d90aeac6ea8b8) |
Dirk Lemstra <dirk@lemstra.org> | yes | debian upstream | https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8 | 2026-01-18 |
| CVE-2026-23952.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8 (cherry picked from commit 1eefab41bc0ab1c6c2c1fd3e4a49e3ee1849751d) |
Cristy <urban-warrior@imagemagick.org> | yes | debian upstream | https://github.com/ImageMagick/ImageMagick/commit/1eefab41bc0ab1c6c2c1fd3e4a49e3ee1849751d | 2026-01-15 |
| CVE-2026-24481.patch | Initialize the pixels with empty values to prevent possible heap information disclosure (GHSA-96pc-27rx-pr36) (cherry picked from commit 51c9d33f4770cdcfa1a029199375d570af801c97) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/51c9d33f4770cdcfa1a029199375d570af801c97 | 2026-01-23 |
| CVE-2026-24484_1.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wg3g-gvx5-2pmv Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS (cherry picked from commit 0349df6d43d633bd61bb582d1e1e87d6332de32a) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/0349df6d43d633bd61bb582d1e1e87d6332de32a | 2026-01-23 |
| CVE-2026-24484_2.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wg3g-gvx5-2pmv Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS (cherry picked from commit f4525ad83d3876a9a07b74ef1fed4cb21a5332dd) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/f4525ad83d3876a9a07b74ef1fed4cb21a5332dd | 2026-01-24 |
| CVE-2026-24485_1.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85 a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. (cherry picked from commit 332c1566acc2de77857032d3c2504ead6210ff50) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50 | 2026-01-22 |
| CVE-2026-24485_2.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85 a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/55c344f4b514213642da41194bab57b4476fb9f5 | 2026-01-22 |
| CVE-2026-25576.patch | Fixed out of bounds read in multiple coders that read raw pixel data (GHSA-jv4p-gjwq-9r2j) | Dirk Lemstra <dirk@lemstra.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/077b42643212d7da8c1a4f6b2cd0067ebca8ec0f | 2026-01-25 |
| CVE-2026-25637.patch | Fixed possible memory leak (GHSA-gm37-qx7w-p258) (cherry picked from commit 30ce0e8efbd72fd6b50ed3a10ae22f57c8901137) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/30ce0e8efbd72fd6b50ed3a10ae22f57c8901137 | 2026-02-04 |
| CVE-2026-25638.patch | Fixed memory leak when writing MSL files (GHSA-gxcx-qjqp-8vjw) (cherry picked from commit 1e88fca11c7b8517100d518bc99bd8c474f02f88) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/1e88fca11c7b8517100d518bc99bd8c474f02f88 | 2026-02-03 |
| CVE-2026-25794.patch | Prevent out of bounds heap write in uhdr encoder (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h) (cherry picked from commit ffe589df5ff8ce1433daa4ccb0d2a9fadfbe30ed) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/ffe589df5ff8ce1433daa4ccb0d2a9fadfbe30ed | 2026-02-06 |
| CVE-2026-25795.patch | Fixed NULL pointer dereference in ReadSFWImage (GHSA-p33r-fqw2-rqmm) (cherry picked from commit 0c7d0b9671ae2616fca106dcada45536eb4df5dc) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/0c7d0b9671ae2616fca106dcada45536eb4df5dc | 2026-02-06 |
| CVE-2026-25796.patch | Prevent memory leak in early exits (GHSA-g2pr-qxjg-7r2w) (cherry picked from commit 93ad259ce4f6d641eea0bee73f374af90f35efc3) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/93ad259ce4f6d641eea0bee73f374af90f35efc3 | 2026-02-06 |
| CVE-2026-25797_1.patch | Prevent code injection via PostScript header (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v) (cherry picked from commit 26088a83d71e9daa203d54a56fe3c31f3f85463d) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/26088a83d71e9daa203d54a56fe3c31f3f85463d | 2026-02-06 |
| CVE-2026-25797_2.patch | Properly escape the strings that are written as raw html (GHSA-rw6c-xp26-225v) (cherry picked from commit 81129f79ad622ff4c1d729828a34ab0f49ec89f6) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/81129f79ad622ff4c1d729828a34ab0f49ec89f6 | 2026-02-20 |
| CVE-2026-25798.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4 a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. (cherry picked from commit 16dd3158ce197c6f65e7798a7a5cc4538bb0303e) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/16dd3158ce197c6f65e7798a7a5cc4538bb0303e | 2026-02-01 |
| CVE-2026-25799.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6 a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. (cherry picked from commit 412f3c8bc1d3b6890aad72376cd992c9b5177037) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/412f3c8bc1d3b6890aad72376cd992c9b5177037 | 2026-01-31 |
| CVE-2026-25897.patch | Added extra check to prevent out of bounds heap write on 32-bit systems (GHSA-6j5f-24fw-pqp4) (cherry picked from commit 23fde73188ea32c15b607571775d4f92bdb75e60) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/23fde73188ea32c15b607571775d4f92bdb75e60 | 2026-02-06 |
| CVE-2026-25898_1.patch | Fixed out of bound read with negative pixel index (GHSA-vpxv-r9pg-7gpr) (cherry picked from commit c9c87dbaba56bf82aebd3392e11f0ffd93709b12) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/c9c87dbaba56bf82aebd3392e11f0ffd93709b12 | 2026-02-06 |
| CVE-2026-25898_2.patch | Fixed out of bound read with negative pixel index (GHSA-vpxv-r9pg-7gpr) (cherry picked from commit 21525d8f27b86e8063fe359616086fd6b71eb05b) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/21525d8f27b86e8063fe359616086fd6b71eb05b | 2026-02-08 |
| CVE-2026-25965.patch | Prevent path traversal of paths that are blocked in the security policy (GHSA-8jvj-p28h-9gm7) (cherry picked from commit 4a9dc1075dcad3ab0579e1b37dbe854c882699a5) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/4a9dc1075dcad3ab0579e1b37dbe854c882699a5 | 2026-02-03 |
| CVE-2026-25966.patch | Block reading from fd: in our more secure policies by default (GHSA-xwc6-v6g8-pw2h) (cherry picked from commit 8d4c67a90ae458fb36393a05c0069e9123ac174c) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/8d4c67a90ae458fb36393a05c0069e9123ac174c | 2026-02-03 |
| CVE-2026-25967.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-72hf-fj62-w6j4 a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. (cherry picked from commit 9afe96cc325da1e4349fbd7418675af2f8708c10) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/9afe96cc325da1e4349fbd7418675af2f8708c10 | 2026-01-31 |
| CVE-2026-25968.patch | Patch to resolve possible out of bounds write in the msl decoder (GHSA-3mwp-xqp2-q6ph). (cherry picked from commit 56f02958890b820cf2d0a6ecb04eb6f58ea75628) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/56f02958890b820cf2d0a6ecb04eb6f58ea75628 | 2026-02-03 |
| CVE-2026-25969.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xgm3-v4r9-wfgm a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a structure. However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak. (cherry picked from commit a253d1b124ebdcc2832daac6f9a35c362635b40e) [backport] - do not change border parameters, keep old parameter in patch context |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/a253d1b124ebdcc2832daac6f9a35c362635b40e | 2026-01-28 |
| CVE-2026-25970_pre1.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4x This fix int to size_t and is needed for fully fix CVE-2026-25970 (cherry picked from commit 266e59ed8d886a76355c863bd38ff5ac34537673) |
Cristy <urban-warrior@imagemagick.org> | no | backport, https://github.com/ImageMagick/ImageMagick/commit/266e59ed8d886a76355c863bd38ff5ac34537673 | 2026-01-28 | |
| CVE-2026-25970.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr (cherry picked from commit 729253dc16e1a1ec4cac891a12d597e3fa9336b3) a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/729253dc16e1a1ec4cac891a12d597e3fa9336b3 | 2026-02-01 |
| CVE-2026-25971.patch | Keep a splay tree of read files to prevent a stack overflow (GHSA-8mpr-6xr2-chhc) (cherry picked from commit 9313e530b37272b748898febd42b5949756f0179) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/9313e530b37272b748898febd42b5949756f0179 | 2026-02-03 |
| CVE-2026-25982.patch | Added checks to prevent an out of bounds read (GHSA-pmq6-8289-hx3v) (cherry picked from commit 4e1f5381d4ccbb6b71927e94c5d257fa883b3af7) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/4e1f5381d4ccbb6b71927e94c5d257fa883b3af7 | 2026-02-03 |
| CVE-2026-25983_1.patch | No longer allow mutations on the first image of the list (GHSA-fwqw-2x5x-w566) (cherry picked from commit b4f8e1a387dd1d0a0af516071831a235f2fdf437) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/b4f8e1a387dd1d0a0af516071831a235f2fdf437 | 2026-01-25 |
| CVE-2026-25983_2.patch | Run checks before accessing the image (GHSA-fwqw-2x5x-w566). (cherry picked from commit 257200cb21de23404dce5f8261871845d425dee5) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/257200cb21de23404dce5f8261871845d425dee5 | 2026-01-26 |
| CVE-2026-25985.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v7g2-m8c5-mf84 a crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate ~674 GB of memory, leading to an out-of-memory abort. (cherry picked from commit 1a51eb9af00c36724660e294520878fd1f13e312) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/1a51eb9af00c36724660e294520878fd1f13e312 | 2026-02-07 |
| CVE-2026-25986.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2 A heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. (cherry picked from commit b9c80ad3ca802b6883da25f153c4fdf72c017eba) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/b9c80ad3ca802b6883da25f153c4fdf72c017eba | 2026-02-07 |
| CVE-2026-25987.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7 a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding (cherry picked from commit bbae0215e1b76830509fd20e6d37c0dd7e3e4c3a) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/bbae0215e1b76830509fd20e6d37c0dd7e3e4c3a | 2026-02-07 |
| CVE-2026-25988.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7 sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks (cherry picked from commit 4354fc1d554ec2e6314aed13536efa7bde9593d2) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/4354fc1d554ec2e6314aed13536efa7bde9593d2 | 2026-02-07 |
| CVE-2026-25989_pre1.patch | https://github.com/ImageMagick/ImageMagick/issues/8556 (cherry picked from commit 4403defdd4e23f98d40ab21dda38f20e5d51e09f) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/403defdd4e23f98d40ab21dda38f20e5d51e09f | 2026-02-04 |
| CVE-2026-25989.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7355-pwx2-pm84 A crafted SVG file can cause a denial of service. An off-by-one boundary check (`>` instead of `>=`) that allows bypass the guard and reach an undefined `(size_t)` cast (cherry picked from commit 5a545ab9d6c3d12a6a76cfed32b87df096729d95) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/5a545ab9d6c3d12a6a76cfed32b87df096729d95 | 2026-02-07 |
| CVE-2026-26066.patch | Fixed possible infinite loop (GHSA-v994-63cg-9wj3) | Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/880057ce34f6da9dff2fe3b290bbbc45b743e613 ( | 2026-02-12 |
| CVE-2026-26283.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gwr3-x37h-h84v a `continue` statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails (cherry picked from commit c448c6920a985872072fc7be6034f678c087de9b) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/c448c6920a985872072fc7be6034f678c087de9b | 2026-02-13 |
| CVE-2026-26284.patch | Corrected loop initialization to prevent out of bounds read (GHSA-wrhr-rf8j-r842) (cherry picked from commit 0c9ffcf55763e5daf1b61dfed0deed1aa43e217f) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/0c9ffcf55763e5daf1b61dfed0deed1aa43e217f | 2026-01-27 |
| CVE-2026-26983.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-w8mw-frc6-r7m8 the MSL interpreter crashes when processing a invalid `<map>` element that causes it to use an image after it has been freed (cherry picked from commit 7cfae4da24a995fb05386d77364ff404a7cca7bc) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/7cfae4da24a995fb05386d77364ff404a7cca7bc | 2026-02-16 |
| CVE-2026-27798.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpgx-jfcq-r59f A heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. (cherry picked from commit 0377e60b3c0d766bd7271221c95d9ee54f6a3738) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/0377e60b3c0d766bd7271221c95d9ee54f6a3738 | 2026-02-17 |
| CVE-2026-27799.patch | Corrected type to avoid an overflow (GHSA-r99p-5442-q2x2) (cherry picked from commit e87695b3227978ad70b967b8d054baaf8ac2cced) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced | 2026-02-10 |
| CVE-2026-28493_1.patch | Corrected typecast to avoid an out of bounds write (GHSA-r39q-jr8h-gcq2) (cherry picked from commit 6cefe972445185cbb9c76651231d52512e0ec14b) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/6cefe972445185cbb9c76651231d52512e0ec14b | 2026-02-28 |
| CVE-2026-28493_2.patch | Added checks for overflows. (cherry picked from commit 47a803cc139a6eebf14fca5f1d5dd25c7782cc98) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/47a803cc139a6eebf14fca5f1d5dd25c7782cc98 | 2026-02-28 |
| CVE-2026-28493_3.patch | Add overflow check to sixel write path (#8587) (cherry picked from commit cd7acd2c4bea5c953fae062d9ce43d11374dcb60) |
Jake Lodwick <jakelodwick@users.noreply.github.com> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/cd7acd2c4bea5c953fae062d9ce43d11374dcb60 | 2026-03-01 |
| CVE-2026-28494.patch | Added checks to avoid possible stack corruption (GHSA-932h-jw47-73jm) (cherry picked from commit a3f2f8680fa01cbce731191789322419efb5954a) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/a3f2f8680fa01cbce731191789322419efb5954a | 2026-02-28 |
| CVE-2026-28686.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-467j-76j7-5885 A heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation (cherry picked from commit d622bd6023310d57cec1e8f265095a1979210371) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/d622bd6023310d57cec1e8f265095a1979210371 | 2026-02-22 |
| CVE-2026-28687.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q (cherry picked from commit 3392b4bba6ce076f4d88f5653a42d97b7e4f6970) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/3392b4bba6ce076f4d88f5653a42d97b7e4f6970 | 2026-02-10 |
| CVE-2026-28689_pre1.patch | Introduce a utf8_close define so we can use _close on Windows. (cherry picked from commit 6d9f9f978ff53a75cff0555e8bae51edc4d87d1b) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/6d9f9f978ff53a75cff0555e8bae51edc4d87d1b | 2025-06-06 |
| CVE-2026-28689_1.patch | partial TOCTOU patch: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-493f-jh8w-qhx3 (cherry picked from commit 3eb11260cfe84fddbdcb8d2ed47f92703d1b2987) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/3eb11260cfe84fddbdcb8d2ed47f92703d1b2987 | 2026-02-20 |
| CVE-2026-28689_2.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-493f-jh8w-qhx3 (cherry picked from commit 753ffb699934331b31028d4e271f2f6d6db85074) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/753ffb699934331b31028d4e271f2f6d6db85074 | 2026-02-22 |
| CVE-2026-28690.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7h7q-j33q-hvpf a stack buffer overflow vulnerability exists in the MNG encoder. (cherry picked from commit e6e874875e48dd9838acca3bd22c14a4d2f1b3ca) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/e6e874875e48dd9838acca3bd22c14a4d2f1b3ca | 2026-02-22 |
| CVE-2026-28691.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wj8w-pjxf-9g4f an uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check. (cherry picked from commit 87f619bcd066a3c8e8fae4addb99f15d496ae881) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/87f619bcd066a3c8e8fae4addb99f15d496ae881 | 2026-02-22 |
| CVE-2026-28692.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mrmj-x24c-wwcv MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read. (cherry picked from commit cb6cc0611baa4dac59add6439fa1d8af33fc5927) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/cb6cc0611baa4dac59add6439fa1d8af33fc5927 | 2026-02-22 |
| CVE-2026-28693_pre1.patch | https://gist.github.com/mescuwa/9197f4317a69559cdf87d0bfab6fa473 (cherry picked from commit 8f0a198216a701779b7b8784512b0f90613a801f) |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick/commit/8f0a198216a701779b7b8784512b0f90613a801f | 2025-08-23 | |
| CVE-2026-28693_1.patch | Add overflow checks to BMP/DIB write paths and DIB read path (#8573) (cherry picked from commit 33375f93a866830bbaf72f86314fbc3014b9e4c4) |
Jake Lodwick <jakelodwick@users.noreply.github.com> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/33375f93a866830bbaf72f86314fbc3014b9e4c4 | 2026-02-28 |
| CVE-2026-28693_2.patch | Added extra check. (cherry picked from commit 50a0c0d7ebbac39d9eef9d1ef13262861945451c) bug; https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hffp-q43q-qq76 |
Dirk Lemstra <dirk@lemstra.org> | no | https://github.com/ImageMagick/ImageMagick/commit/50a0c0d7ebbac39d9eef9d1ef13262861945451c | 2026-03-01 | |
| CVE-2026-30883.patch | Added extra check to prevent overflow that could result in a heap over-write (GHSA-qmw5-2p58-xvrc) (cherry picked from commit 5897fb65d173a57729026321d5067c9ddca5c56f) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/5897fb65d173a57729026321d5067c9ddca5c56f | 2026-03-06 |
| CVE-2026-30929.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rqq8-jh93-f4vg MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack (cherry picked from commit adf831c442b7dc37da04d73331aba26e388eeb9a) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/adf831c442b7dc37da04d73331aba26e388eeb9a | 2026-03-03 |
| CVE-2026-30931_pre1.patch | Corrected previous patch and added more overflow checks. (cherry picked from commit 31f10b1de591ee71179542a6d06e6885cbafdf71) |
Dirk Lemstra <dirk@lemstra.org> | no | https://github.com/ImageMagick/ImageMagick/commit/31f10b1de591ee71179542a6d06e6885cbafdf71 | 2026-02-08 | |
| CVE-2026-30931.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h95r-c8c7-mrwx a heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write (cherry picked from commit 7fe4dbabe5d50057513d5d16eb9cbfa0734b4848) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/7fe4dbabe5d50057513d5d16eb9cbfa0734b4848 | 2026-03-04 |
| CVE-2026-30935.patch | fix heap over-read in BilateralBlurImage with even-dimension kernels (#8595) The mirrored pixel mapping (mid.x-u, mid.y-v) accesses buffer position (2*mid - u). For even width 2k, mid=k, so u=0 accesses column 2k=width which is one past the buffer end. Reverse the mapping to (u-mid.x, v-mid.y) and use signed arithmetic at all three call sites. (cherry picked from commit ed448e879285db99d2c1207393822713acb510f2) |
ylwango613 <128395302+ylwango613@users.noreply.github.com> | yes | upstream | backport, https://github.com/ImageMagick/ImageMagick/commit/ed448e879285db99d2c1207393822713acb510f2 | 2026-03-03 |
| CVE-2026-30936.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5ggv-92r5-cp4p a crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method (cherry picked from commit ffbbd7201e0ba08707849c0053aa703e076bf86e) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/ffbbd7201e0ba08707849c0053aa703e076bf86e | 2026-03-03 |
| CVE-2026-30937.patch | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpg4-j99f-8xcg a 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. (cherry picked from commit 134f1c17d5dafc565182f9b00304fc08cfa3184e) |
Cristy <urban-warrior@imagemagick.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/134f1c17d5dafc565182f9b00304fc08cfa3184e | 2026-02-28 |
| CVE-2026-31853.patch | Corrected the overflow check that can cause issues on 32-bit systems (GHSA-56jp-jfqg-f8f4) (cherry picked from commit 7936d9c7bec4bd459a8d4b5304a1a6fbf7dac0ea) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/7936d9c7bec4bd459a8d4b5304a1a6fbf7dac0ea | 2026-03-02 |
| CVE-2026-32259.patch | Added extra check to prevent out of bounds write when color reduction fails (GHSA-49hx-7656-jpg3) (cherry picked from commit df934b4721173f8dda33c6d007f9811669640e86) |
Dirk Lemstra <dirk@lemstra.org> | yes | upstream | https://github.com/ImageMagick/ImageMagick/commit/df934b4721173f8dda33c6d007f9811669640e86 | 2026-03-07 |
| msl-fix_pre1.patch | =?utf-8?q?standards=E2=80=91compliant_thread_id_string?= (cherry picked from commit efd91b90c2d974ea098412f08ddc3aa93eeb2d05) |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick/commit/efd91b90c2d974ea098412f08ddc3aa93eeb2d05 | 2026-02-14 | |
| msl-fix_pre2.patch | eliminate compiler warning (cherry picked from commit 7b0899bb0a0105bedfaf8b865474a713e8f0f1d6) |
Cristy <urban-warrior@imagemagick.org> | no | https://github.com/ImageMagick/ImageMagick/commit/7b0899bb0a0105bedfaf8b865474a713e8f0f1d6 | 2026-02-14 | |
| msl-fix_pre3.patch | private method name change (cherry picked from commit 8f3c54fb804112cf5336e927917574f223ae89fa) [backport] - no svg and msl change (see next patch) |
Cristy <urban-warrior@imagemagick.org> | no | backport, https://github.com/ImageMagick/ImageMagick/commit/8f3c54fb804112cf5336e927917574f223ae89fa | 2026-02-15 | |
| msl-fix_pre4.patch | Add MagickSscanf | Bastien Roucariès <rouca@debian.org> | no | https://sources.debian.org/src/imagemagick/8%3A7.1.2.16%2Bdfsg1-1/MagickCore/string-private.h#L28 | 2026-03-16 | |
| msl-svg-coder-port-to-7.1.2-16.patch | Port to msl/svg coder to 7.1.2-16 This fix CVE-2026-28688 and other msl CVEs |
Bastien Roucariès <rouca@debian.org> | no | https://sources.debian.org/src/imagemagick/8%3A7.1.2.16%2Bdfsg1-1/coders/svg.c | 2026-03-16 | |
| msl-fix-post1.patch | Add private method MagickSafeReciprocal | Bastien Roucariès <rouca@debian.org> | no | backport, https://github.com/ImageMagick/ImageMagick/commit/7e5d87fe6e92b6cc3e96d5175974626317512dd9 | 2026-03-16 |
All known versions for source package 'imagemagick'
- 8:7.1.2.18+dfsg1-1 (sid)
- 8:7.1.2.16+dfsg1-1 (forky)
- 8:7.1.1.43+dfsg1-1+deb13u7 (trixie-proposed-updates, trixie-security)
- 8:7.1.1.43+dfsg1-1+deb13u5 (trixie)
- 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm-security, bookworm-proposed-updates)
- 8:6.9.11.60+dfsg-1.6+deb12u5 (bookworm)