Updated ImageMagick packages are available for Debian GNU/Linux 10 (Buster) Extended LTS to address two security issues:
ELA-1133-1 imagemagick security update
ELA-1133-1 imagemagick security update
ELA-1133-1 imagemagick security update
Package : imagemagick
Version : 8:6.9.10.23+dfsg-2.1+deb10u8 (buster)
Related CVEs :
CVE-2023-1289
CVE-2023-34151
Imagemagick a image processing suite was vulnerable.
CVE-2023-1289 fix was incomplete and specially a created SVG file loads itself and causes a segmentation fault.
CVE-2023-34151 fix was incomplete and some variation of initial proof of concept image lead to undefined behaviors by casting double to size_t.
