-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 21 Jan 2026 22:54:51 +0100
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc imagemagick-common imagemagick-doc libimage-magick-perl libmagick++-6-headers libmagick++-dev libmagickcore-6-headers libmagickcore-dev libmagickwand-6-headers libmagickwand-dev perlmagick
Architecture: all
Version: 8:6.9.11.60+dfsg-1.6+deb12u6
Distribution: bookworm-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) <buildd_amd64-x86-grnet-03@buildd.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-common - image manipulation programs -- infrastructure dummy package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 1126075 1126076 1126077
Changes:
 imagemagick (8:6.9.11.60+dfsg-1.6+deb12u6) bookworm-security; urgency=high
 .
   * Fix CVE-2026-23874 (Closes: #1126075)
     a stack overflow was found via infinite recursion in
     MSL (Magick Scripting Language) `<write>` command when
     writing to MSL format.
   * Fix CVE-2026-23876 (Closes: #1126076)
     A heap buffer overflow vulnerability was found in the XBM
     image decoder (ReadXBMImage) allows an attacker to write
     controlled data past the allocated heap buffer when
     processing a maliciously crafted image file.
     Any operation that reads or identifies an image can
     trigger the overflow, making it exploitable via common
     image upload and processing pipelines.
   * Fix CVE-2026-23952 (Closes: 1126077)
     NULL pointer dereference was found in MSL parser via <comment>
     tag before image load
Checksums-Sha1:
 15449ca9107307680c900ad13a3fe2139fab6172 168560 imagemagick-6-common_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 3ca53ca1cb9ebd8db4a7d7998d0bab9ee857cc77 7889720 imagemagick-6-doc_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 fc2240c2d0c66a24917853756ca61fc81cc9556c 1512 imagemagick-common_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 98426fc606a5cc299221c9bdc7e317372a44bdf8 1620 imagemagick-doc_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 5e3ff0e9e0a8988f8a6bacc498c617cc8d87836f 18956 imagemagick_6.9.11.60+dfsg-1.6+deb12u6_all-buildd.buildinfo
 3a08d02516c8c2450f470d71af03a213cb0f63e4 53312 libimage-magick-perl_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 6af14e78c36b4de67a52e5bdb58be55a2804f5e6 47524 libmagick++-6-headers_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 e951faecd229eb4c7a7d19b06dca3a3aadfbaa69 1372 libmagick++-dev_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 57f1c803eb080588d43d80952d05f26c3cd1d6c2 50920 libmagickcore-6-headers_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 77ae79293e2c460ff45cc829019ed5fb0930d873 1340 libmagickcore-dev_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 c0d72f621e3edf645304b336c8500b9e9ad3e9d6 10512 libmagickwand-6-headers_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 8dda4c9a060d831efad54b1bf93a3ea326297337 1328 libmagickwand-dev_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 55aa0e953d6a4e6943908629b8c7fbd139f5bb54 1368 perlmagick_6.9.11.60+dfsg-1.6+deb12u6_all.deb
Checksums-Sha256:
 a4d1adecf3d4a4e3f816d2fb089684e84c046fb02964020aaac5bf2762c6ab27 168560 imagemagick-6-common_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 ca1e8c766eed6cb26c825154673c6eabebbb55b5e05516fdcdf51b51dc8ca831 7889720 imagemagick-6-doc_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 900aeb96e3b7c7740010376d34fe76ed11a723dfe140f88a05b50b5c73460c30 1512 imagemagick-common_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 7b5d69a6e118ebe90a05e6a4901be0f59197aba49cce79a1aa3d7ddae439c67d 1620 imagemagick-doc_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 82df41da6d9106b89e1078996b5bc41f4eeaccf2c8172e3fa54c47b63824c457 18956 imagemagick_6.9.11.60+dfsg-1.6+deb12u6_all-buildd.buildinfo
 da5a123c98e34d362a2eb7e840884b5891ee0bfc0c0aea6e2eb3338b299d33e1 53312 libimage-magick-perl_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 ca56056490822470158eca117a72da1468e9252eebf49a4f950166e7d48357e4 47524 libmagick++-6-headers_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 672ae33948bc5117ae4edf35c56a4a216f1d9bf7920f0ade98387b6b16bce44a 1372 libmagick++-dev_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 84fd9e469d31308e00d30d7ee5be4f8c857da9d98683a99e029812ed1f3c01d1 50920 libmagickcore-6-headers_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 68af2f459242a223e596b6fc2ccdd6ecd0aa23b74b8a296188d0b613a8d1773d 1340 libmagickcore-dev_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 d1aba1e27101e66dda8e49acca3f56c893249e9ae5357a6c5b28b994287c5427 10512 libmagickwand-6-headers_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 795ee0789d23f40f14a45ac0a09539dc4f7c081a336216a89de0bbab2f8ccc1f 1328 libmagickwand-dev_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 9c9aaee3ddd167a048cf9af4d03e7fb15416d28c40f85ef0e1c0d860c1c85794 1368 perlmagick_6.9.11.60+dfsg-1.6+deb12u6_all.deb
Files:
 ceb971e13108565c22f84d1b303758cf 168560 graphics optional imagemagick-6-common_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 9295349f07065af61d8da7b800f976ec 7889720 doc optional imagemagick-6-doc_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 e734dceca8d79df2b85f9d056dfdb313 1512 oldlibs optional imagemagick-common_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 04df959ba32066c71938ad723f5614d2 1620 oldlibs optional imagemagick-doc_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 0ace0c2b60dab8b2f87539f0a003a297 18956 graphics optional imagemagick_6.9.11.60+dfsg-1.6+deb12u6_all-buildd.buildinfo
 739d035341006248d2726fe1405a77d9 53312 perl optional libimage-magick-perl_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 7f4e6f9ae8ed2bfbc85a2f602f37fc49 47524 libdevel optional libmagick++-6-headers_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 3507a4cf51eeb5ef099bfdbe95565c04 1372 oldlibs optional libmagick++-dev_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 833ad11bbda8e4b1e02f3ee77f58d232 50920 libdevel optional libmagickcore-6-headers_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 ae5201f2c968d58cf36fad53b23200fe 1340 oldlibs optional libmagickcore-dev_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 bce477e2c0972180c374ee376de0a71f 10512 libdevel optional libmagickwand-6-headers_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 8fa8174645fa767a0f4866a481d097e6 1328 oldlibs optional libmagickwand-dev_6.9.11.60+dfsg-1.6+deb12u6_all.deb
 60297d05ec849d6fb0759437fda278a9 1368 oldlibs optional perlmagick_6.9.11.60+dfsg-1.6+deb12u6_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEHqtYLkdKRyCY94K8fUw6/tXbAmMFAmlzpuwACgkQfUw6/tXb
AmP9HQ/+Lh6xndv8qR8VyoRDswcZA0XKH/SpR3Pdfg0QIWfd4C5tmrtrd3dOV9CW
91vydEdqCrOTvQrwvSUS/9fIqoTVu5a49D3YuNcJVYNAcIZzL4PFSwzE22bNWGqe
6vl6q3HzDaPxblQtO04iiSWdDf95kTuGvm6hGGe5vyfpJQ06bJiOdwvk72RZIGae
DAirTsal4QnxVE1X/lGFGQvTx5TcDUdtOjVOcVksYEnlcnBaBOSZSCads5k9AFqU
FYlih+MuOwGeRMfJi2QLHO1IaA5jGn2iBFDHIQfQFYjBB5kDbJkn+HNPdZe0Tw0A
FVntgai5minKnDB4DQsy9tkYPLYuus1UvKMuYSoE7WYQU5KA46tf7rTaiPAU9qcr
sIkHRMy/yG4fQ52NnMWygTdQFUWtoazEUMD6uj6qikczIhZkGqqlF10G63jg6W7Z
Jclc2DcmqzeaW5nkDFuKnNqIVFO5sdd0D9jvgfFmGlpP09tgzMbZyZZvKPX/jRAA
Qk/zHu5LwOGZxs7eRlNwJGjeM7dD3xrkr1rw8Zyl2zs5BKL8px/NLUSw6OmQDK2W
b6KGHOslTTjDkXQMdZ0udxf5CiYw8N9MAj7+jq2dw/MPJ3m/N1bceTP0eVyCc5Hj
7x7szGMLc+a5dsi9hZ+aD0CaN2dI9A8rwcQPQc6pQK1vEbIlN00=
=cabv
-----END PGP SIGNATURE-----