Debian Security Advisory
DSA-5347-1 imagemagick -- security update
- Date Reported:
- 13 Feb 2023
- Affected Packages:
- imagemagick
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2022-44267, CVE-2022-44268.
- More information:
-
Bryan Gonzalez discovered that the PNG support in Imagemagick could be tricked into embedding the content of an arbitrary file when converting an image file.
For the stable distribution (bullseye), these problems have been fixed in version 8:6.9.11.60+dfsg-1.3+deb11u1.
We recommend that you upgrade your imagemagick packages.
For the detailed security status of imagemagick please refer to its security tracker page at: https://security-tracker.debian.org/tracker/imagemagick