Multiple vulnerabilities in ImageMagick, including symlink races, information leaks, denial of service, and potential arbitrary code execution, have been addressed. The CVSS scores for the listed CVEs range from Medium to High, with CVE-2026-25985 rated at 7.5 (HIGH). For Debian Bookworm, these issues are resolved in version 8:6.9.11.60+dfsg-1.6+deb12u8, and users should upgrade their packages immediately.
[SECURITY] [DSA 6210-1] imagemagick security update To : debian-security-announce@lists.debian.org Subject : [SECURITY] [DSA 6210-1] imagemagick security update From : Moritz Muehlenhoff < jmm@debian.org > Date : Tue, 14 Apr 2026 20:29:08 +0000 Message-id : < [🔎] ad6jlOAxWOzj0hee@seger.debian.org > Reply-to : debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6210-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 14, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : imagemagick CVE ID : CVE-2026-25796 CVE-2026-25985 CVE-2026-26284 CVE-2026-26983 CVE-2026-28494 CVE-2026-28686 CVE-2026-28687 CVE-2026-28688 CVE-2026-28689 CVE-2026-28690 CVE-2026-28691 CVE-2026-28692 CVE-2026-28693 CVE-2026-30883 CVE-2026-30936 CVE-2026-30937 CVE-2026-31853 CVE-2026-32259 CVE-2026-32636 CVE-2026-33535 CVE-2026-33536 Multiple security vulnerabilities were discovered in imagemagick, a software suite used for editing and manipulating digital images, which could lead to symlink races, information leaks, denial of service and potentially arbitrary code execution. For the oldstable distribution (bookworm), these problems have been fixed in version 8:6.9.11.60+dfsg-1.6+deb12u8. We recommend that you upgrade your imagemagick packages. For the detailed security status of imagemagick please refer to its security tracker page at: https://security-tracker.debian.org/tracker/imagemagick Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmneo3gACgkQEMKTtsN8 TjZKAA/+J1ZZzoAriBsmizfuwF/PX6ZFuld3ykVKgjDtDTMAKDuaxk8F3QD5cQd2 Vtqv76+cnIITlYT1G96PHySzH6uiwY89BigE+gmIU0U3sTyb2lJiQoIj83XL42DM ARsGYpXfl7Mw5Nyt4PZJJ3il8uqPZEYx+ku3zswnSXIKLA6+JSB2NxanPsRcLyRh EUBPQCkzILCEnu7zTFAtQoQdooMlFQJl8RfcuHPH8CfmGYUEikRAPo0dfohBTe8t mn4OU2KmK63Z+Vvk7x+48bBfbYZZ+egql1ZywpgRa/ULTdUCbKm1lOjGEFPSpq7n d5dGUC9kSmkj+yCk8MO2jJ6Kf24ndm50U5p3zslHI64zHz48ZN73ILPAV5Uk/qco A/trlRASThGWJSjqEdGLXgUa/jIew09QMDAI2ilJysumCjR7Ce5V2Yc5O18+1Tbo nj/uKVoX6l6leM5QvpjdDq3XdYop+I1xvCjB/It83ZaZVXDwWmQ5f3hfaDgeCQRF daBHdVOwkWlGTl4YuBIAZxFLof0ihiyK7D3V+ER9iElSfgHV9Pwq1h+W9qLi71nm qzzqvwcubk56FsjyEvuBbFPf2PySxebK6MF27xjg6XEwMHD/rQCrYQZt9kw94DQm SkLVFpgAtr1cVRdFdbaYWbQ9LPvPU7uCCjV/Flr5g+qLFFUqrNM= =tPm3 -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6209-1] xdg-dbus-proxy security update Next by Date: [SECURITY] [DSA 6211-1] thunderbird security update Previous by thread: [SECURITY] [DSA 6209-1] xdg-dbus-proxy security update Next by thread: [SECURITY] [DSA 6211-1] thunderbird security update Index(es): Date Thread