[Git][security-tracker-team/security-tracker][master] CVE-2026-25968

Bastien Roucariès (@rouca) rouca at debian.org
Sat Mar 7 14:19:07 GMT 2026



Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
78550e17 by Bastien Roucariès at 2026-03-07T15:17:26+01:00
CVE-2026-25968

Fixed by https://github.com/ImageMagick/ImageMagick6/commit/b4c37614b6da7695cb4f5b3c6e326a37bdf2b1a9#diff-460835d0be9d249e3f9fad97657e346098a6df29b39a1834ffa2e2e897fd03e1R6174

-                  if (value[len-1] == '%') {
-                   char  tmp[100];
+                  if ((len > 0) && (value[len-1] == '%')) {
+                    char *tmp = AcquireString(value)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5024,6 +5024,8 @@ CVE-2026-25968 (ImageMagick is free and open-source software used for editing an
 	- imagemagick 8:7.1.2.15+dfsg1-1
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/56f02958890b820cf2d0a6ecb04eb6f58ea75628 (7.1.2-14)
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/b4c37614b6da7695cb4f5b3c6e326a37bdf2b1a9 (6.9.13-39)
+	NOTE: for imagemagick6 fix in included in a jumbo security patch with other fix like CVE-2026-25797
 CVE-2026-25967 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick 8:7.1.2.15+dfsg1-1
 	[bookworm] - imagemagick <not-affected> (vulnerable code introduced later)
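Review bot: the second added NOTE line (the imagemagick6 one) has a wording slip, "fix in included ... with other fix"; suggest "NOTE: for imagemagick6 the fix is included in a jumbo security patch with other fixes like CVE-2026-25797". Because that upstream commit bundles several fixes, the first added NOTE would be more useful to backporters if it also carried the per-hunk anchor quoted in the commit message, so the relevant change can be found without reading the whole jumbo patch.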



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78550e17eb216e725293ccce8d66ae465c481e16
