CVE-2026-23874
A stack overflow via infinite recursion was found
in MSL (Magick Scripting Language) `
MSL format
CVE-2026-23876
A heap buffer overflow vulnerability was found in the XBM image decoder
(ReadXBMImage). It allows an attacker to write controlled data past the
allocated heap buffer when processing a maliciously crafted image file.
Any operation that reads or identifies an image can trigger the overflow,
making it exploitable via common image upload and processing pipelines.
CVE-2026-23952
A NULL pointer dereference vulnerability was found in the MSL
(Magick Scripting Language) parser when processing
images are loaded. This can lead to a denial-of-service (DoS) attack.
For Debian 11 bullseye, these problems have been fixed in version
8:6.9.11.60+dfsg-1.3+deb11u9.
We recommend that you upgrade your imagemagick packages.
For the detailed security status of imagemagick please refer to
its security tracker page at: