| Package | imagemagick |
|---|---|
| Version | 8:6.9.10.23+dfsg-2.1+deb10u9 (buster) |
| Related CVEs | CVE-2023-34151 |
The Imagemagick security update issued as ELA 1133-1 addressed the vulnerability identified by CVE-2023-34151. The fix for that CVE introduced a regression.
A Magick Vector Graphics file including a pattern operator could return an incorrect bounding box, and thus generate a corrupted pattern.
For Debian 10 buster, these problems have been fixed in version 8:6.9.10.23+dfsg-2.1+deb10u9.
We recommend that you upgrade your imagemagick packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.