Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits: 78550e17 by Bastien Roucariès at 2026-03-07T15:17:26+01:00 CVE-2026-25968 Fixed by https://github.com/ImageMagick/ImageMagick6/commit/b4c37614b6da7695cb4f5b3c6e326a37bdf2b1a9#diff-460835d0be9d249e3f9fad97657e346098a6df29b39a1834ffa2e2e897fd03e1R6174 - if (value[len-1] == '%') { - char tmp[100]; + if ((len > 0) && (value[len-1] == '%')) { + char *tmp = AcquireString(value) - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -5024,6 +5024,8 @@ CVE-2026-25968 (ImageMagick is free and open-source software used for editing an - imagemagick 8:7.1.2.15+dfsg1-1 NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/56f02958890b820cf2d0a6ecb04eb6f58ea75628 (7.1.2-14) + NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/b4c37614b6da7695cb4f5b3c6e326a37bdf2b1a9 (6.9.13-39) + NOTE: for imagemagick6 fix in included in a jumbo security patch with other fix like CVE-2026-25797 CVE-2026-25967 (ImageMagick is free and open-source software used for editing and mani ...) - imagemagick 8:7.1.2.15+dfsg1-1 [bookworm] - imagemagick <not-affected> (vulnerable code introduced later) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78550e17eb216e725293ccce8d66ae465c481e16 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78550e17eb216e725293ccce8d66ae465c481e16 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
