Debian 10260 Published by

Updated ImageMagick packages are available for Debian GNU/Linux 10 (Buster) Extended LTS to address two security issues:

ELA-1133-1 imagemagick security update




ELA-1133-1 imagemagick security update

Package : imagemagick
Version : 8:6.9.10.23+dfsg-2.1+deb10u8 (buster)

Related CVEs :
CVE-2023-1289
CVE-2023-34151

Imagemagick a image processing suite was vulnerable.
CVE-2023-1289 fix was incomplete and specially a created SVG file loads itself and causes a segmentation fault.
CVE-2023-34151 fix was incomplete and some variation of initial proof of concept image lead to undefined behaviors by casting double to size_t.

ELA-1133-1 imagemagick security update