[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index] [SECURITY] [DSA 6245-1] imagemagick security update To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 6245-1] imagemagick security update From: Moritz Muehlenhoff <jmm@debian.org> Date: Sun, 3 May 2026 15:01:26 +0000 Message-id: <[🔎] afdjRnSCZt1AWx89@seger.debian.org> Reply-to: debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6245-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 03, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : imagemagick CVE ID : CVE-2026-25971 CVE-2026-33899 CVE-2026-33900 CVE-2026-33901 CVE-2026-33905 CVE-2026-33908 CVE-2026-34238 CVE-2026-40310 CVE-2026-40311 Multiple security vulnerabilities were discovered in imagemagick, a software suite used for editing and manipulating digital images, which could lead to denial of service, information disclosure or potentially arbitrary code execution if malformed images are processed. For the oldstable distribution (bookworm), these problems have been fixed in version 8:6.9.11.60+dfsg-1.6+deb12u9. We recommend that you upgrade your imagemagick packages. For the detailed security status of imagemagick please refer to its security tracker page at: https://security-tracker.debian.org/tracker/imagemagick Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmn3YO8ACgkQEMKTtsN8 TjaM5RAAuZOn+hRQo4pBBTLEnfu5WuIATOh8xy8hNRgfS76LoQMQNh8VetMEO26u muoumhjcfXj1nTlbvO8L9laF7xlTpatW1CDRYtaiJFwLODNl45qACn43AJ0R4YF8 v4Eem7XSX8ic+ZvGE+taPp0Jr8zscWyL7KrvSOlRiCKuQ4MrGqvFhA/UU0IIPELM +dinoGCv9njMCOEWP+GOpAMzkr4OHkF8HYr0pGrLxiBR7w7oryPBQYIS3+6622Mk jQvmw3AdziClBgQThkLjd9ah884QgtfATHwXSwS+O6hxWbwIHQmWSpiuW8xNwv51 EVQwRuAxfvjbntMS5rkVBQXc5EOgmXLODhsyGtGT0PYZLLmYHyyUIqykOZnM+e31 UTZuPuhBvWmqX1wbWxpJtiRHWTAa5sCaSWxmapJ1tmptxes1aA8arHM6tWHWzvID jlmOe0quklRtr45STLzejWzTKJnyJ1G41J0iKkrDKCpsyp6SE7KkzxzC9WzfYoYE +rP6wdr1M5ZBIf7TxnBu1kbTBKXWzUDxX4aU9N6a/P5YvfmEfZwuG9qMGlMN3RHZ x5UiRS7FesJ9uKH90rtvTyfLgiIK1jr3xNvvixrIC78g+mKC2vKjSX7lZ6wh1ffj DxnWuyHiETewXdska5DEps4+cXitS3zYE9vJ8Dd6Aqo+61QKzms= =035l -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6244-1] incus security update Next by Date: [SECURITY] [DSA 6246-1] openjdk-25 security update Previous by thread: [SECURITY] [DSA 6244-1] incus security update Next by thread: [SECURITY] [DSA 6246-1] openjdk-25 security update Index(es): Date Thread