Multiple vulnerabilities in ImageMagick, including high-severity issues like CVE-2026-24481 (CVSS 7.5), could lead to information leaks, security policy bypass, denial of service, or arbitrary code execution. Affected versions include ImageMagick prior to 6.9.13-40 and versions 7.0.0-0 through 7.1.2-14. The Debian project has fixed these issues for the oldstable distribution (bookworm) in version 8:6.9.11.60+dfsg-1.6+deb12u7.
[SECURITY] [DSA 6159-1] imagemagick security update To : debian-security-announce@lists.debian.org Subject : [SECURITY] [DSA 6159-1] imagemagick security update From : Moritz Muehlenhoff < jmm@debian.org > Date : Tue, 10 Mar 2026 21:23:25 +0000 Message-id : < [🔎] abCLza3RNrfUb5IZ@seger.debian.org > Reply-to : debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6159-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 10, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : imagemagick CVE ID : CVE-2026-24481 CVE-2026-24484 CVE-2026-24485 CVE-2026-25576 CVE-2026-25638 CVE-2026-25795 CVE-2026-25796 CVE-2026-25797 CVE-2026-25798 CVE-2026-25799 CVE-2026-25897 CVE-2026-25898 CVE-2026-25965 CVE-2026-25968 CVE-2026-25970 CVE-2026-25982 CVE-2026-25983 CVE-2026-25986 CVE-2026-25987 CVE-2026-25988 CVE-2026-25989 CVE-2026-26066 CVE-2026-26283 CVE-2026-27798 CVE-2026-27799 Multiple security vulnerabilities were discovered in imagemagick, a software suite used for editing and manipulating digital images, which could lead to information leaks, bypass of security policies, denial of service or arbitrary code execution. For the oldstable distribution (bookworm), these problems have been fixed in version 8:6.9.11.60+dfsg-1.6+deb12u7. We recommend that you upgrade your imagemagick packages. For the detailed security status of imagemagick please refer to its security tracker page at: https://security-tracker.debian.org/tracker/imagemagick Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmmwiwUACgkQEMKTtsN8 TjaCkA//UcYglFpIC92y5S1rgstWlxudohqqFi4kU/tWvtm1k6pfE6rAzLoksypL riu6fiDRjFnso9V8AnDK61nLRYXJdWuOlyE4LzemzmnfKUZFF6WhzspGlqa0QItz irNv39TKSbUuxTEP1gsSg6U0n+UYvdCSjsZuqLbBG+5vjESTfoOBI3RC21ifch62 nBXLZVtP9b26rz9aSu6L0NxaMnpSZ+bonPcPD952iij7cUKXDCJV41KscE6bnfcw 1MXGAiAGJaKYAbze8rgWLbR5sZfj5n74+bJEgnD9Okto5UCnK+gnWec0t0VFUvJM pFue5tFHh8GQJuo1DDBz/4YkM40kWnyRTgTITlGir4iZXCYv8tHX1MfOaEeUl8KB 71543V0E2M8JF7B6om+Cp4nylZ50/1d5ydHzjlJiAAudkQGfJWmoqa9xoktkYtQT KceHq7zShC6oUF4JycLzE/OKkSZsQ02ZA7+jrFj/3o+I22vZALK25M1LbYpFXlIM IxAfgQ+FtdUUrSaOHBj1f7Gn34R2eBY+4q6gBVEYEVpm/uBt7le4McyQTlkWqFrP /kGWoZ5GW8Ec8NOEIsXRuHd0RNCci5bq5xY7hYmfN3EAMADkBFHk5okd1enwqxAE 4D3jiQtDSwtz/AFKOGB3aF+x94D9ta1garf2TgQ/tYjO0IzvVhw= =bmMo -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6158-1] imagemagick security update Previous by thread: [SECURITY] [DSA 6158-1] imagemagick security update Index(es): Date Thread