DEBIAN-CVE-2026-42050

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-42050

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-42050.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-42050

Upstream

CVE-2026-42050

Published

2026-05-11T20:25:42.280Z

Modified

2026-05-17T23:03:57.401996Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. This vulnerability is fixed in 7.1.2-21 and 6.9.13-46.

References

https://security-tracker.debian.org/tracker/CVE-2026-42050

Affected packages

Debian:11 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.11.60+dfsg-1.3

8:6.9.11.60+dfsg-1.3+deb11u1

8:6.9.11.60+dfsg-1.3+deb11u2

8:6.9.11.60+dfsg-1.3+deb11u3

8:6.9.11.60+dfsg-1.3+deb11u4

8:6.9.11.60+dfsg-1.3+deb11u5

8:6.9.11.60+dfsg-1.3+deb11u6

8:6.9.11.60+dfsg-1.3+deb11u7

8:6.9.11.60+dfsg-1.3+deb11u8

8:6.9.11.60+dfsg-1.3+deb11u9

8:6.9.11.60+dfsg-1.3+deb11u10

8:6.9.11.60+dfsg-1.3+deb11u11

8:6.9.11.60+dfsg-1.3+deb11u12

8:6.9.11.60+dfsg-1.4

8:6.9.11.60+dfsg-1.5

8:6.9.11.60+dfsg-1.6

8:6.9.12.20+dfsg1-1

8:6.9.12.20+dfsg1-1.1

8:6.9.12.20+dfsg1-1.2

8:6.9.12.98+dfsg1-1

8:6.9.12.98+dfsg1-2

8:6.9.12.98+dfsg1-3

8:6.9.12.98+dfsg1-4

8:6.9.12.98+dfsg1-5

8:6.9.12.98+dfsg1-5.1~exp1

8:6.9.12.98+dfsg1-5.1

8:6.9.12.98+dfsg1-5.2

8:6.9.13.12+dfsg1-1

8:7.*

8:7.1.1.33+dfsg1-1

8:7.1.1.33+dfsg1-2

8:7.1.1.39+dfsg1-1

8:7.1.1.39+dfsg1-2

8:7.1.1.39+dfsg1-3

8:7.1.1.43+dfsg1-1

8:7.1.1.46+dfsg1-1

8:7.1.1.47+dfsg1-1

8:7.1.1.47+dfsg1-2

8:7.1.2.1+dfsg1-1

8:7.1.2.3+dfsg1-1

8:7.1.2.7+dfsg1-1

8:7.1.2.8+dfsg1-1

8:7.1.2.12+dfsg1-1

8:7.1.2.13+dfsg1-1

8:7.1.2.15+dfsg1-1

8:7.1.2.15+dfsg1-2

8:7.1.2.16+dfsg1-1

8:7.1.2.18+dfsg1-1

8:7.1.2.19+dfsg1-1

8:7.1.2.21+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-42050.json"

Debian:12 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.11.60+dfsg-1.6

8:6.9.11.60+dfsg-1.6+deb12u1

8:6.9.11.60+dfsg-1.6+deb12u2

8:6.9.11.60+dfsg-1.6+deb12u3

8:6.9.11.60+dfsg-1.6+deb12u4

8:6.9.11.60+dfsg-1.6+deb12u5

8:6.9.11.60+dfsg-1.6+deb12u6

8:6.9.11.60+dfsg-1.6+deb12u7

8:6.9.11.60+dfsg-1.6+deb12u8

8:6.9.11.60+dfsg-1.6+deb12u9

8:6.9.12.20+dfsg1-1

8:6.9.12.20+dfsg1-1.1

8:6.9.12.20+dfsg1-1.2

8:6.9.12.98+dfsg1-1

8:6.9.12.98+dfsg1-2

8:6.9.12.98+dfsg1-3

8:6.9.12.98+dfsg1-4

8:6.9.12.98+dfsg1-5

8:6.9.12.98+dfsg1-5.1~exp1

8:6.9.12.98+dfsg1-5.1

8:6.9.12.98+dfsg1-5.2

8:6.9.13.12+dfsg1-1

8:7.*

8:7.1.1.33+dfsg1-1

8:7.1.1.33+dfsg1-2

8:7.1.1.39+dfsg1-1

8:7.1.1.39+dfsg1-2

8:7.1.1.39+dfsg1-3

8:7.1.1.43+dfsg1-1

8:7.1.1.46+dfsg1-1

8:7.1.1.47+dfsg1-1

8:7.1.1.47+dfsg1-2

8:7.1.2.1+dfsg1-1

8:7.1.2.3+dfsg1-1

8:7.1.2.7+dfsg1-1

8:7.1.2.8+dfsg1-1

8:7.1.2.12+dfsg1-1

8:7.1.2.13+dfsg1-1

8:7.1.2.15+dfsg1-1

8:7.1.2.15+dfsg1-2

8:7.1.2.16+dfsg1-1

8:7.1.2.18+dfsg1-1

8:7.1.2.19+dfsg1-1

8:7.1.2.21+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-42050.json"

Debian:13 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8:7.*

8:7.1.1.43+dfsg1-1

8:7.1.1.43+dfsg1-1+deb13u1

8:7.1.1.43+dfsg1-1+deb13u2

8:7.1.1.43+dfsg1-1+deb13u3

8:7.1.1.43+dfsg1-1+deb13u4

8:7.1.1.43+dfsg1-1+deb13u5

8:7.1.1.43+dfsg1-1+deb13u6

8:7.1.1.43+dfsg1-1+deb13u7

8:7.1.1.43+dfsg1-1+deb13u8

8:7.1.1.46+dfsg1-1

8:7.1.1.47+dfsg1-1

8:7.1.1.47+dfsg1-2

8:7.1.2.1+dfsg1-1

8:7.1.2.3+dfsg1-1

8:7.1.2.7+dfsg1-1

8:7.1.2.8+dfsg1-1

8:7.1.2.12+dfsg1-1

8:7.1.2.13+dfsg1-1

8:7.1.2.15+dfsg1-1

8:7.1.2.15+dfsg1-2

8:7.1.2.16+dfsg1-1

8:7.1.2.18+dfsg1-1

8:7.1.2.19+dfsg1-1

8:7.1.2.21+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-42050.json"

Debian:14 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:7.1.2.21+dfsg1-1

Affected versions

8:7.*

8:7.1.1.43+dfsg1-1

8:7.1.1.46+dfsg1-1

8:7.1.1.47+dfsg1-1

8:7.1.1.47+dfsg1-2

8:7.1.2.1+dfsg1-1

8:7.1.2.3+dfsg1-1

8:7.1.2.7+dfsg1-1

8:7.1.2.8+dfsg1-1

8:7.1.2.12+dfsg1-1

8:7.1.2.13+dfsg1-1

8:7.1.2.15+dfsg1-1

8:7.1.2.15+dfsg1-2

8:7.1.2.16+dfsg1-1

8:7.1.2.18+dfsg1-1

8:7.1.2.19+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-42050.json"