[ubuntu/resolute-proposed] imagemagick 8:7.1.2.16+dfsg1-1 (Accepted)

Jeremy Bícha jbicha at ubuntu.com
Wed Mar 11 11:56:38 UTC 2026 

imagemagick (8:7.1.2.16+dfsg1-1) unstable; urgency=high

  * New upstream version
  * Drop patch about double free in SVG applied upstream
  * Fix CVE-2026-28493:
    An integer overflow vulnerability exists in the SIXEL decoer.
    The vulnerability allows an attacker to perform an out of bounds
    via a specially crafted image.
  * Fix CVE-2026-28494:
    A stack buffer overflow exists in ImageMagick's morphology kernel
    parsing functions. User-controlled kernel strings exceeding a buffer
    are copied into fixed-size stack buffers via memcpy without bounds
    checking, resulting in stack corruption.
  * Fix CVE-2026-28686:
    A heap-buffer-overflow vulnerability exists in the PCL
    encode due to an undersized output buffer allocation.
  * Fix CVE-2026-28687:
    a heap use-after-free vulnerability in ImageMagick's
    MSL decoder allows an attacker to trigger access to freed memory
    by crafting an MSL file.
  * Fix CVE-2026-28688:
    A heap-use-after-free vulnerability exists in the MSL encoder,
    where a cloned image is destroyed twice. The MSL coder does
    not support writing MSL so the write capability has been removed
  * Fix CVE-2026-28689:
    Domain="path" authorization is checked before final file open/use.
    A symlink swap between check-time and use-time bypasses policy-denied
    read/write
  * Fix CVE-2026-28690:
    A stack buffer overflow vulnerability exists in the MNG encoder.
    There is a bounds checks missing that could corrupting the stack
    with attacker-controlled data.
  * Fix CVE-2026-28691:
    An uninitialized pointer dereference vulnerability exists in the
    JBIG decoder due to a missing check.
  * Fix CVE-2026-28692:
    MAT decoder uses 32-bit arithmetic due to incorrect parenthesization
    resulting in a heap over-read.
  * Fix CVE-2026-28693:
    An integer overflow in DIB coder can result in out of bounds read
    or write
  * Fix CVE-2026-30883:
    An extremely large image profile could result in a heap overflow
    when encoding a PNG image
  * Fix CVE-2026-30929:
    MagnifyImage uses a fixed-size stack buffer. When using a specific image
    it is possible to overflow this buffer and corrupt the stack
  * Fix CVE-2026-30931:
    A heap-based buffer overflow in the UHDR encoder can happen due to
    truncation of a value and it would allow an out of bounds write.
  * Fix CVE-2026-30935:
    BilateralBlurImage contains a heap buffer over-read caused by an incorrect
    conversion. When processing a crafted image with the -bilateral-blur
    operation an out of bounds read can occur.
  * Fix CVE-2026-30936:
    A crafted image could cause an out of bounds heap write inside
    the WaveletDenoiseImage method. When processing a crafted image
    with the -wavelet-denoise operation an out of bounds write can occur.
  * Fix CVE-2026-30937:
    A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can
    cause an undersized heap buffer allocation. When writing a extremely
    large image an out of bounds heap write can occur.

Date: 2026-03-11 04:41:56.921831+00:00
Signed-By: Jeremy Bícha <jbicha at ubuntu.com>
https://launchpad.net/ubuntu/+source/imagemagick/8:7.1.2.16+dfsg1-1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Resolute-changes mailing list