Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.1
Old ImageMagick versions can leak sensitive image data
DEBIAN-CVE-2026-26284
Summary
Outdated versions of ImageMagick may leak sensitive data from image files. If you use ImageMagick to edit or manipulate images, update to the latest version to prevent potential data exposure. If you can't update, consider avoiding use of PCD files or converting them to a different format.
What to do
- Update debian imagemagick to version 8:7.1.1.43+dfsg1-1+deb13u6.
- Update debian imagemagick to version 8:7.1.2.15+dfsg1-1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| debian | imagemagick | All versions | – |
| debian | imagemagick | All versions | – |
| debian | imagemagick | <= 8:7.1.1.43+dfsg1-1+deb13u6 | 8:7.1.1.43+dfsg1-1+deb13u6 |
| debian | imagemagick | <= 8:7.1.2.15+dfsg1-1 | 8:7.1.2.15+dfsg1-1 |
Original title
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing H...
Original description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
osv CVSS3.1
9.1
- https://security-tracker.debian.org/tracker/CVE-2026-26284 Vendor Advisory
Published: 24 Feb 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026