ImageMagick can crash or be exploited by malicious image files

Summary

ImageMagick software may crash or be exploited by malicious image files before version 7.1.2-15 or 6.9.13-40. Update to the latest patched version to prevent potential crashes or security issues.

What to do

Update debian imagemagick to version 8:7.1.1.43+dfsg1-1+deb13u6.
Update debian imagemagick to version 8:7.1.2.15+dfsg1-1.

Affected software

Vendor	Product	Affected versions	Fix available
debian	imagemagick	All versions	–
debian	imagemagick	All versions	–
debian	imagemagick	<= 8:7.1.1.43+dfsg1-1+deb13u6	8:7.1.1.43+dfsg1-1+deb13u6
debian	imagemagick	<= 8:7.1.2.15+dfsg1-1	8:7.1.2.15+dfsg1-1

Original title

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIX...

Original description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

osv CVSS3.1 7.5

https://security-tracker.debian.org/tracker/CVE-2026-25970 Vendor Advisory