Package details: pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u3
purl: pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u3
Next non-vulnerable version: 8:7.1.1.43+dfsg1-1+deb13u1
Latest non-vulnerable version: 8:7.1.1.43+dfsg1-1+deb13u1
Risk: 3.5
Vulnerabilities affecting this package (4)
Vulnerability: VCID-29u1-jeu6-kbfa
Aliases: CVE-2025-53019
Summary: ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and 6.9.13-26 fix the issue.
Fixed by: 8:7.1.1.43+dfsg1-1+deb13u1 (affected by 0 other vulnerabilities)

Vulnerability: VCID-a94z-fw5x-sugj
Aliases: CVE-2025-53101
Summary: ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.
Fixed by: 8:7.1.1.43+dfsg1-1+deb13u1 (affected by 0 other vulnerabilities)

Vulnerability: VCID-ker7-x9xt-s3d4
Aliases: CVE-2021-20311
Summary: A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Fixed by: 8:7.1.1.43+dfsg1-1 (affected by 6 other vulnerabilities)

Vulnerability: VCID-xspy-9x25-xqaq
Aliases: CVE-2025-53014
Summary: ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue.
Fixed by: 8:7.1.1.43+dfsg1-1+deb13u1 (affected by 0 other vulnerabilities)

Vulnerabilities fixed by this package (1)
Vulnerability: VCID-u1h6-93ev-jucd
Aliases: CVE-2025-43965
Summary: In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T18:43:33.443030+00:00 | Debian Oval Importer | Fixing | VCID-u1h6-93ev-jucd | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T13:10:45.634501+00:00 | Debian Importer | Affected by | VCID-ker7-x9xt-s3d4 | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
| 2025-08-01T12:59:32.164204+00:00 | Debian Importer | Affected by | VCID-a94z-fw5x-sugj | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
| 2025-08-01T12:38:42.649076+00:00 | Debian Importer | Affected by | VCID-29u1-jeu6-kbfa | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
| 2025-08-01T12:25:25.678593+00:00 | Debian Importer | Affected by | VCID-xspy-9x25-xqaq | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |