[ubuntu/questing-security] imagemagick 8:7.1.2.3+dfsg1-1ubuntu0.1 (Accepted)
John Breton
john.breton at canonical.com
Mon May 11 08:25:12 UTC 2026
imagemagick (8:7.1.2.3+dfsg1-1ubuntu0.1) questing-security; urgency=medium
* SECURITY UPDATE: Heap information disclosure
- debian/patches/CVE-2026-24481.patch: Initialize the pixels with
empty values to prevent possible heap information disclosure
(GHSA-96pc-27rx-pr36)
- CVE-2026-24481
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2026-24484-1.patch:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wg3g-gvx5-2pmv
- debian/patches/CVE-2026-24484-2.patch:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wg3g-gvx5-2pmv
- CVE-2026-24484
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2026-24485-1.patch: [PATCH]
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85
- debian/patches/CVE-2026-24485-2.patch:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85
- CVE-2026-24485
* SECURITY UPDATE: Path traversal
- debian/patches/CVE-2026-25576.patch: Fixed out of bounds read in
multiple coders that read raw pixel data (GHSA-jv4p-gjwq-9r2j)
- CVE-2026-25576
* SECURITY UPDATE: Memory leak
- debian/patches/CVE-2026-25637.patch: Fixed possible memory leak
(GHSA-gm37-qx7w-p258)
- CVE-2026-25637
* SECURITY UPDATE: Memory leak
- debian/patches/CVE-2026-25638.patch: Fixed memory leak when
writing MSL files (GHSA-gxcx-qjqp-8vjw)
- CVE-2026-25638
* SECURITY UPDATE: Out-of-bounds write
- debian/patches/CVE-2026-25794.patch: Prevent out of bounds heap
write in uhdr encoder
(https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h)
- CVE-2026-25794
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2026-25795.patch: Fixed NULL pointer
dereference in ReadSFWImage (GHSA-p33r-fqw2-rqmm)
- CVE-2026-25795
* SECURITY UPDATE: Memory leak
- debian/patches/CVE-2026-25796.patch: Prevent memory leak in early
exits (GHSA-g2pr-qxjg-7r2w)
- CVE-2026-25796
* SECURITY UPDATE: Arbitrary code execution
- debian/patches/CVE-2026-25797-1.patch: Prevent code injection via
PostScript header
(https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v)
- debian/patches/CVE-2026-25797-2.patch: Properly escape the strings
that are written as raw html (GHSA-rw6c-xp26-225v)
- CVE-2026-25797
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2026-25798.patch:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4
- CVE-2026-25798
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2026-25799.patch:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6
- CVE-2026-25799
* SECURITY UPDATE: Out of bounds heap write
- debian/patches/CVE-2026-25897.patch: Added extra check to prevent
out of bounds heap write on 32-bit systems (GHSA-6j5f-24fw-pqp4)
- CVE-2026-25897
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2026-25898-1.patch: Fixed out of bound read
with negative pixel index (GHSA-vpxv-r9pg-7gpr)
- debian/patches/CVE-2026-25898-2.patch: Fixed out of bound read
with negative pixel index (GHSA-vpxv-r9pg-7gpr)
- CVE-2026-25898
* SECURITY UPDATE: Path traversal
- debian/patches/CVE-2026-25965.patch: Prevent path traversal of
paths that are blocked in the security policy (GHSA-8jvj-p28h-9gm7)
- CVE-2026-25965
Date: 2026-05-07 16:28:10.543276+00:00
Changed-By: John Breton <john.breton at canonical.com>
https://launchpad.net/ubuntu/+source/imagemagick/8:7.1.2.3+dfsg1-1ubuntu0.1