ELA-1133-2 imagemagick regression update

2024-07-23
Package: imagemagick
Version: 8:6.9.10.23+dfsg-2.1+deb10u9 (buster)
Related CVEs: CVE-2023-34151


The ImageMagick security update issued as ELA-1133-1 addressed the vulnerability identified by CVE-2023-34151. The fix for that CVE introduced a regression.

A Magick Vector Graphics file including a pattern operator could return an incorrect bounding box, and thus generate a corrupted pattern.



For Debian 10 buster, these problems have been fixed in version 8:6.9.10.23+dfsg-2.1+deb10u9.

We recommend that you upgrade your imagemagick packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.