Your message dated Wed, 21 Jan 2026 23:33:51 +0000
with message-id <[email protected]>
and subject line Bug#1126075: fixed in imagemagick 8:7.1.2.13+dfsg1-1
has caused the Debian Bug report #1126075,
regarding imagemagick: CVE-2026-23874
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1126075: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126075
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: imagemagick
Version: 8:7.1.2.12+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for imagemagick.

CVE-2026-23874[0]:
| ImageMagick is free and open-source software used for editing and
| manipulating digital images. Versions prior to 7.1.2-13 have a stack
| overflow via infinite recursion in MSL (Magick Scripting Language)
| `<write>` command when writing to MSL format. Version 7.1.2-13 fixes
| the issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-23874
    https://www.cve.org/CVERecord?id=CVE-2026-23874
[1] https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9vj4-wc7r-p844
[2] https://github.com/ImageMagick/ImageMagick/commit/2a09644b10a5b146e0a7c63b778bd74a112ebec3
[3] https://github.com/ImageMagick/ImageMagick6/commit/fe2970bbbe02c6fe875cc2b269390a3165d57706

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:7.1.2.13+dfsg1-1
Done: Bastien Roucariès <[email protected]>

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <[email protected]> (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 21 Jan 2026 22:54:51 +0100
Source: imagemagick
Architecture: source
Version: 8:7.1.2.13+dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team <[email protected]>
Changed-By: Bastien Roucariès <[email protected]>
Closes: 1126074 1126075 1126076 1126077
Changes:
 imagemagick (8:7.1.2.13+dfsg1-1) unstable; urgency=high
 .
   * New upstream version
   * Fix CVE-2026-22770 (Closes: #1126074)
     The BilateralBlurImage method will allocate a set of
     double buffers inside AcquireBilateralTLS.
     The last element in the set is not properly initialized.
     This will result in a release of an invalid pointer
     inside DestroyBilateralTLS when the memory allocation fails.
   * Fix CVE-2026-23874 (Closes: #1126075)
     A stack overflow was found via infinite recursion in the
     MSL (Magick Scripting Language) `<write>` command when
     writing to MSL format.
   * Fix CVE-2026-23876 (Closes: #1126076)
     A heap buffer overflow vulnerability was found in the XBM
     image decoder (ReadXBMImage), which allows an attacker to write
     controlled data past the allocated heap buffer when
     processing a maliciously crafted image file.
     Any operation that reads or identifies an image can
     trigger the overflow, making it exploitable via common
     image upload and processing pipelines.
   * Fix CVE-2026-23952 (Closes: 1126077)
     A NULL pointer dereference was found in the MSL parser via a
     <comment> tag before image load.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
