Your message dated Sun, 03 May 2026 20:04:24 +0000
with message-id <[email protected]>
and subject line Bug#1134627: fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u9
has caused the Debian Bug report #1134627,
regarding imagemagick: CVE-2026-40310 and CVE-2026-40311 affect stable suites
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1134627: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134627
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: src:imagemagick
Version: 8:7.1.1.43+dfsg1-1+deb13u7
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected]
Dear Maintainer,
The tracker records CVE-2026-40310 and CVE-2026-40311 as fixed in
unstable by 8:7.1.2.19+dfsg1-1, but the fixes do not appear to be
present in the current stable, oldstable, or oldoldstable source
packages.
CVE-2026-40310:
A heap out-of-bounds write in the JP2 encoder when a user specifies an
invalid sampling index.
Upstream advisory:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pwg5-6jfc-crvh
IM7 fix:
https://github.com/ImageMagick/ImageMagick/commit/3d653bea2df085c728a1c8f775808e1e9249dff9
IM6 fix:
https://github.com/ImageMagick/ImageMagick6/commit/4c782c770894fc19029d4408a4de37cc491c7c25
The fix bounds parsed sampling factors with MagickMax(..., 1.0).
Source inspection:
- sid 8:7.1.2.19+dfsg1-1 has the fixed MagickMax guard in coders/jp2.c.
- trixie 8:7.1.1.43+dfsg1-1+deb13u7 still assigns geometry_info.rho
directly in coders/jp2.c.
- bookworm 8:6.9.11.60+dfsg-1.6+deb12u8 and bullseye
8:6.9.11.60+dfsg-1.3+deb11u11 still parse sampling_factor directly
with sscanf into parameters->subsampling_dx/subsampling_dy.
CVE-2026-40311:
A heap use-after-free vulnerability that can cause a crash when reading
and printing values from an invalid XMP profile.
Upstream advisory:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r83h-crwp-3vm7
IM7 fix:
https://github.com/ImageMagick/ImageMagick/commit/5facfecf1abb3fed46a08f614dcc43d1e548e20d
IM6 fix:
https://github.com/ImageMagick/ImageMagick6/commit/ccf3cffe819616b39374594a7b5389fc2d49260d
The fix avoids adding wildcard XMP namespace properties ending in ":*".
Source inspection:
- sid 8:7.1.2.19+dfsg1-1 has the xmp_namespace_length guard in
MagickCore/property.c.
- trixie 8:7.1.1.43+dfsg1-1+deb13u7 does not have that guard in
MagickCore/property.c.
- bookworm 8:6.9.11.60+dfsg-1.6+deb12u8 and bullseye
8:6.9.11.60+dfsg-1.3+deb11u11 do not have that guard in
magick/property.c.
I did not find an existing exact BTS bug for either CVE in my package
bug context checks, but please merge or close this if these are already
tracked elsewhere.
Regards,
James
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.11.60+dfsg-1.6+deb12u9
Done: Bastien Roucariès <[email protected]>
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <[email protected]> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 25 Apr 2026 16:03:16 +0200
Source: imagemagick
Architecture: source
Version: 8:6.9.11.60+dfsg-1.6+deb12u9
Distribution: bookworm-security
Urgency: medium
Maintainer: ImageMagick Packaging Team
<[email protected]>
Changed-By: Bastien Roucariès <[email protected]>
Closes: 1134627
Changes:
imagemagick (8:6.9.11.60+dfsg-1.6+deb12u9) bookworm-security; urgency=medium
.
* Fix CVE-2026-25971:
Magick fails to check for circular references between two MSLs,
leading to a stack overflow.
* Fix CVE-2026-33899:
When `Magick` parses an XML file it is possible that a single
zero byte is written out of the bounds.
* Fix CVE-2026-33900:
The viff encoder contains an integer truncation/wraparound
issue on 32-bit builds that could trigger an out of bounds
heap write, potentially causing a crash.
* Fix CVE-2026-33901:
A heap buffer overflow occurs in the MVG decoder that could
result in an out of bounds write when processing a crafted image
* Fix CVE-2026-33905
The -sample operation has an out of bounds read when an
specific offset is set through the `sample:offset` define that could
lead to an out of bounds read.
* Fix CVE-2026-33908:
When Magick processes an XML file with deeply nested structures,
it will exhaust the stack memory, resulting in a Denial of Service
(DoS) attack.
* Fix CVE-2026-34238:
An integer overflow in the despeckle operation causes a heap
buffer overflow on 32-bit builds that will result in an out
of bounds write.
* Fix CVE-2026-40310:
A heap out-of-bounds write in the JP2 encoder with when a user specifies
an invalid sampling index.
* Fix CVE-2026-40311 (Closes: #1134627):
A heap use-after-free vulnerability that can cause a crash when
reading and printing values from an invalid XMP profile.
Checksums-Sha1:
0343e1b2cae03317fe2213b30cec276174b51162 5105
imagemagick_6.9.11.60+dfsg-1.6+deb12u9.dsc
824a63dce5e54bd8b78077d671d8ab06300a8848 9395144
imagemagick_6.9.11.60+dfsg.orig.tar.xz
64cb33cdf430bfee5b9b99e6dce29ad8e05aa220 324340
imagemagick_6.9.11.60+dfsg-1.6+deb12u9.debian.tar.xz
edfcdc7f41526ab05e9d87218daab416624d6eae 8485
imagemagick_6.9.11.60+dfsg-1.6+deb12u9_source.buildinfo
Checksums-Sha256:
5dec0ef2e65a0ec5c2a68915def537296c53a3906e6eb01c1174d6c531da749c 5105
imagemagick_6.9.11.60+dfsg-1.6+deb12u9.dsc
472fb516df842ee9c819ed80099c188463b9e961303511c36ae24d0eaa8959c4 9395144
imagemagick_6.9.11.60+dfsg.orig.tar.xz
f6f3ae9f565fc3e4af376653d5b1750194d4734b12af1ca417f8303791b61b07 324340
imagemagick_6.9.11.60+dfsg-1.6+deb12u9.debian.tar.xz
bde6f6a87bae9303b818ca5c1a1459e9d41abef1d9d78f2b48973b1cae58a377 8485
imagemagick_6.9.11.60+dfsg-1.6+deb12u9_source.buildinfo
Files:
b74a51511e8e8220e67524d00e29da03 5105 graphics optional
imagemagick_6.9.11.60+dfsg-1.6+deb12u9.dsc
8b8f7b82bd1299cf30aa3c488c46a3cd 9395144 graphics optional
imagemagick_6.9.11.60+dfsg.orig.tar.xz
4cf8ab27a2ef7c2ff2606700000a602f 324340 graphics optional
imagemagick_6.9.11.60+dfsg-1.6+deb12u9.debian.tar.xz
9afb4388a8891fda457b7fc764ebdd33 8485 graphics optional
imagemagick_6.9.11.60+dfsg-1.6+deb12u9_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIyBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmnzxl4ACgkQADoaLapB
CF83lA/4oXu+t4RKjj1X6bxkRB4Fcu9rvui+VVx0L+zcYiJOHs/M6JCYN04yVRm7
nDZfb+9okswhiHQ9/2dVj8kxRsIJGnV6MPUZhmvGJlh/WuRpg54MkolpQZctm+XT
FBLJ2/gm9/be/XJ2mQiU14BJfMfUnDnbp/FF5CkaUagjgNqNGAiQiv8Lo7JWpKaF
G8yG1a7likNYihE/kr6CDP1RM4kVBC8GwnoMPt4CwrdISsJubR4KNLH1tuTRWj0N
DhdYidqX65yGvadzq6fBA7yRCQ2JQ2XgfIlK5JRY/VF7PRXk0E368ECvUHBU+MkB
WTptFMwf9D/coA332ECIPZnOmRCo9q9MXIY7Agb35/dN1vGPH1Zzlk6d4iW5saDF
26se75DxiXwhye3JBEqWbz8/diqvpPoINke4ykbycW81JYWOFrbE4mQpf71hCglN
q/4rcS8RwKMFqywPc+DrR/6hfb00rC4pup9/NEXdLe0jh/WTBMgFkLNY6W7JHVCE
bmw4BBsdwZ/psFP9VWl4GPjnf1ZzH3fPtwHiCy/kroOsHNmM0ptgCl2tlPKnevEj
b2aZzZWY1E8t/CY26ImxdpE2YAHlVDFq3xFbKuPzO96aj7Tk2V5b0ctJH1kcFxGT
fgLN9eTqGbgUeKpYQFHCuN/HnJXl178l2GN3eGBdUjOP3HC4jA==
=8tlJ
-----END PGP SIGNATURE-----
pgpt6U0mVqlEg.pgp
Description: PGP signature
--- End Message ---
