Your message dated Thu, 29 Jan 2026 18:47:27 +0000
with message-id <[email protected]>
and subject line Bug#1126077: fixed in imagemagick 8:7.1.1.43+dfsg1-1+deb13u5
has caused the Debian Bug report #1126077,
regarding imagemagick: CVE-2026-23952
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1126077: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126077
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: imagemagick
Version: 8:7.1.2.12+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for imagemagick.
CVE-2026-23952[0]:
| NULL pointer dereference in MSL parser via <comment> tag before
| image load
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-23952
https://www.cve.org/CVERecord?id=CVE-2026-23952
[1] https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8
[2] https://github.com/ImageMagick/ImageMagick/commit/1eefab41bc0ab1c6c2c1fd3e4a49e3ee1849751d
[3] https://github.com/ImageMagick/ImageMagick6/commit/0e4023775c8859d2b802e8b459a27b599ca8403a
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:7.1.1.43+dfsg1-1+deb13u5
Done: Bastien Roucariès <[email protected]>
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <[email protected]> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 21 Jan 2026 22:54:51 +0100
Source: imagemagick
Architecture: source
Version: 8:7.1.1.43+dfsg1-1+deb13u5
Distribution: trixie-security
Urgency: high
Maintainer: ImageMagick Packaging Team <[email protected]>
Changed-By: Bastien Roucariès <[email protected]>
Closes: 1126074 1126075 1126076 1126077
Changes:
 imagemagick (8:7.1.1.43+dfsg1-1+deb13u5) trixie-security; urgency=high
 .
   * Fix CVE-2026-22770 (Closes: #1126074)
     The BilateralBlurImage method will allocate a set of
     double buffers inside AcquireBilateralTLS.
     The last element in the set is not properly initialized.
     This will result in a release of an invalid pointer
     inside DestroyBilateralTLS when the memory allocation fails.
   * Fix CVE-2026-23874 (Closes: #1126075)
     A stack overflow was found via infinite recursion in
     MSL (Magick Scripting Language) `<write>` command when
     writing to MSL format.
   * Fix CVE-2026-23876 (Closes: #1126076)
     A heap buffer overflow vulnerability was found in the XBM
     image decoder (ReadXBMImage) that allows an attacker to write
     controlled data past the allocated heap buffer when
     processing a maliciously crafted image file.
     Any operation that reads or identifies an image can
     trigger the overflow, making it exploitable via common
     image upload and processing pipelines.
   * Fix CVE-2026-23952 (Closes: 1126077)
     A NULL pointer dereference was found in MSL parser via <comment>
     tag before image load.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
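
The CVE-2026-22770 changelog entry above describes a cleanup path that releases a slot which was never initialized. The following C example is added here for illustration and is not ImageMagick's code: `acquire_set`, `destroy_set`, `tracked_alloc`, the partial `memset` and the 0xA5 fill are assumptions chosen to model that pattern, and invalid releases are counted instead of being passed to free().

```c
#include <stdlib.h>
#include <string.h>

#define MAX_SLOTS 16
static void *ledger[MAX_SLOTS]; /* pointers the allocator really returned */
static int handed_out;
static int fail_after = -1;     /* hook: allocations allowed before failure */

static void *tracked_alloc(size_t count) {
  if (handed_out == fail_after || handed_out == MAX_SLOTS) return NULL;
  void *p = calloc(count, sizeof(double));
  if (p != NULL) ledger[handed_out++] = p;
  return p;
}

/* Release every non-NULL slot. Returns how many slots held a pointer the
   allocator never returned; those are counted here, not freed. */
static int destroy_set(double **set, size_t slots) {
  int invalid = 0;
  for (size_t i = 0; i < slots; i++) {
    int known = 0;
    if (set[i] == NULL) continue;
    for (int j = 0; j < handed_out; j++)
      if (ledger[j] == (void *) set[i]) { known = 1; ledger[j] = NULL; }
    if (known) free(set[i]); else invalid++;
  }
  free(set);
  return invalid;
}

/* Build a set of per-slot buffers, then tear it down (also on failure).
   Returns the invalid-release count, or -1 on bad input. */
static int acquire_set(size_t slots, size_t width, int hardened) {
  if (slots == 0 || slots > MAX_SLOTS) return -1;
  double **set = malloc(slots * sizeof(*set));
  if (set == NULL) return -1;
  handed_out = 0;
  memset(set, 0xA5, slots * sizeof(*set)); /* stand-in for stale heap bytes */
  /* Modelled bug: the last slot is never cleared. Fix: clear every slot. */
  memset(set, 0, (hardened ? slots : slots - 1) * sizeof(*set));
  for (size_t i = 0; i < slots; i++)
    if ((set[i] = tracked_alloc(width)) == NULL) break; /* cleanup path */
  return destroy_set(set, slots);
}

int main(void) {
  fail_after = 1; /* constructed scenario: second buffer allocation fails */
  return (acquire_set(4, 8, 0) == 1 && acquire_set(4, 8, 1) == 0) ? 0 : 1;
}
```

When no allocation fails, the unhardened variant also reports 0 because the loop overwrites the last slot, which is why this kind of defect tends to surface only under memory pressure or allocator fault injection.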