Format: 1.8
Date: Wed, 21 Jan 2026 22:54:51 +0100
Source: imagemagick
Architecture: source
Version: 8:6.9.11.60+dfsg-1.6+deb12u6
Distribution: bookworm-security
Urgency: high
Maintainer: ImageMagick Packaging Team
Changed-By: Bastien Roucariès
Closes: 1126075 1126076 1126077
Changes:
 imagemagick (8:6.9.11.60+dfsg-1.6+deb12u6) bookworm-security; urgency=high
 .
   * Fix CVE-2026-23874 (Closes: #1126075)
     a stack overflow was found via infinite recursion
     in MSL (Magick Scripting Language) `` command when writing to
     MSL format.
   * Fix CVE-2026-23876 (Closes: #1126076)
     A heap buffer overflow vulnerability was found in the XBM image
     decoder (ReadXBMImage) that allows an attacker to write controlled
     data past the allocated heap buffer when processing a maliciously
     crafted image file. Any operation that reads or identifies an image
     can trigger the overflow, making it exploitable via common image
     upload and processing pipelines.
   * Fix CVE-2026-23952 (Closes: 1126077)
     NULL pointer dereference was found in MSL parser via tag before
     image load