DEBIAN-CVE-2026-56367

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-56367

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-56367.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-56367

Upstream

CVE-2026-56367

Published

2026-06-21T14:16:25.360Z

Modified

2026-06-22T17:00:17.695122425Z

Severity

6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in coders/psd.c) that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash.

References

https://security-tracker.debian.org/tracker/CVE-2026-56367

Affected packages

Debian:11 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source&distro=bullseye

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.11.60+dfsg-1.3

8:6.9.11.60+dfsg-1.3+deb11u1

8:6.9.11.60+dfsg-1.3+deb11u2

8:6.9.11.60+dfsg-1.3+deb11u3

8:6.9.11.60+dfsg-1.3+deb11u4

8:6.9.11.60+dfsg-1.3+deb11u5

8:6.9.11.60+dfsg-1.3+deb11u6

8:6.9.11.60+dfsg-1.3+deb11u7

8:6.9.11.60+dfsg-1.3+deb11u8

8:6.9.11.60+dfsg-1.3+deb11u9

8:6.9.11.60+dfsg-1.3+deb11u10

8:6.9.11.60+dfsg-1.3+deb11u11

8:6.9.11.60+dfsg-1.3+deb11u12

8:6.9.11.60+dfsg-1.3+deb11u13

8:6.9.11.60+dfsg-1.4

8:6.9.11.60+dfsg-1.5

8:6.9.11.60+dfsg-1.6

8:6.9.12.20+dfsg1-1

8:6.9.12.20+dfsg1-1.1

8:6.9.12.20+dfsg1-1.2

8:6.9.12.98+dfsg1-1

8:6.9.12.98+dfsg1-2

8:6.9.12.98+dfsg1-3

8:6.9.12.98+dfsg1-4

8:6.9.12.98+dfsg1-5

8:6.9.12.98+dfsg1-5.1~exp1

8:6.9.12.98+dfsg1-5.1

8:6.9.12.98+dfsg1-5.2

8:6.9.13.12+dfsg1-1

8:7.*

8:7.1.1.33+dfsg1-1

8:7.1.1.33+dfsg1-2

8:7.1.1.39+dfsg1-1

8:7.1.1.39+dfsg1-2

8:7.1.1.39+dfsg1-3

8:7.1.1.43+dfsg1-1

8:7.1.1.46+dfsg1-1

8:7.1.1.47+dfsg1-1

8:7.1.1.47+dfsg1-2

8:7.1.2.1+dfsg1-1

8:7.1.2.3+dfsg1-1

8:7.1.2.7+dfsg1-1

8:7.1.2.8+dfsg1-1

8:7.1.2.12+dfsg1-1

8:7.1.2.13+dfsg1-1

8:7.1.2.15+dfsg1-1

8:7.1.2.15+dfsg1-2

8:7.1.2.16+dfsg1-1

8:7.1.2.18+dfsg1-1

8:7.1.2.19+dfsg1-1

8:7.1.2.21+dfsg1-1

8:7.1.2.23+dfsg1-1

8:7.1.2.24+dfsg1-1

8:7.1.2.25+dfsg1-1

8:7.1.2.25+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-56367.json"

Debian:12 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source&distro=bookworm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.11.60+dfsg-1.6

8:6.9.11.60+dfsg-1.6+deb12u1

8:6.9.11.60+dfsg-1.6+deb12u2

8:6.9.11.60+dfsg-1.6+deb12u3

8:6.9.11.60+dfsg-1.6+deb12u4

8:6.9.11.60+dfsg-1.6+deb12u5

8:6.9.11.60+dfsg-1.6+deb12u6

8:6.9.11.60+dfsg-1.6+deb12u7

8:6.9.11.60+dfsg-1.6+deb12u8

8:6.9.11.60+dfsg-1.6+deb12u9

8:6.9.11.60+dfsg-1.6+deb12u10

8:6.9.12.20+dfsg1-1

8:6.9.12.20+dfsg1-1.1

8:6.9.12.20+dfsg1-1.2

8:6.9.12.98+dfsg1-1

8:6.9.12.98+dfsg1-2

8:6.9.12.98+dfsg1-3

8:6.9.12.98+dfsg1-4

8:6.9.12.98+dfsg1-5

8:6.9.12.98+dfsg1-5.1~exp1

8:6.9.12.98+dfsg1-5.1

8:6.9.12.98+dfsg1-5.2

8:6.9.13.12+dfsg1-1

8:7.*

8:7.1.1.33+dfsg1-1

8:7.1.1.33+dfsg1-2

8:7.1.1.39+dfsg1-1

8:7.1.1.39+dfsg1-2

8:7.1.1.39+dfsg1-3

8:7.1.1.43+dfsg1-1

8:7.1.1.46+dfsg1-1

8:7.1.1.47+dfsg1-1

8:7.1.1.47+dfsg1-2

8:7.1.2.1+dfsg1-1

8:7.1.2.3+dfsg1-1

8:7.1.2.7+dfsg1-1

8:7.1.2.8+dfsg1-1

8:7.1.2.12+dfsg1-1

8:7.1.2.13+dfsg1-1

8:7.1.2.15+dfsg1-1

8:7.1.2.15+dfsg1-2

8:7.1.2.16+dfsg1-1

8:7.1.2.18+dfsg1-1

8:7.1.2.19+dfsg1-1

8:7.1.2.21+dfsg1-1

8:7.1.2.23+dfsg1-1

8:7.1.2.24+dfsg1-1

8:7.1.2.25+dfsg1-1

8:7.1.2.25+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-56367.json"

Debian:13 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source&distro=trixie

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8:7.*

8:7.1.1.43+dfsg1-1

8:7.1.1.43+dfsg1-1+deb13u1

8:7.1.1.43+dfsg1-1+deb13u2

8:7.1.1.43+dfsg1-1+deb13u3

8:7.1.1.43+dfsg1-1+deb13u4

8:7.1.1.43+dfsg1-1+deb13u5

8:7.1.1.43+dfsg1-1+deb13u6

8:7.1.1.43+dfsg1-1+deb13u7

8:7.1.1.43+dfsg1-1+deb13u8

8:7.1.1.43+dfsg1-1+deb13u9

8:7.1.1.43+dfsg1-1+deb13u10

8:7.1.1.46+dfsg1-1

8:7.1.1.47+dfsg1-1

8:7.1.1.47+dfsg1-2

8:7.1.2.1+dfsg1-1

8:7.1.2.3+dfsg1-1

8:7.1.2.7+dfsg1-1

8:7.1.2.8+dfsg1-1

8:7.1.2.12+dfsg1-1

8:7.1.2.13+dfsg1-1

8:7.1.2.15+dfsg1-1

8:7.1.2.15+dfsg1-2

8:7.1.2.16+dfsg1-1

8:7.1.2.18+dfsg1-1

8:7.1.2.19+dfsg1-1

8:7.1.2.21+dfsg1-1

8:7.1.2.23+dfsg1-1

8:7.1.2.24+dfsg1-1

8:7.1.2.25+dfsg1-1

8:7.1.2.25+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-56367.json"

Debian:14 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source&distro=forky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:7.1.2.15+dfsg1-1

Affected versions

8:7.*

8:7.1.1.43+dfsg1-1

8:7.1.1.46+dfsg1-1

8:7.1.1.47+dfsg1-1

8:7.1.1.47+dfsg1-2

8:7.1.2.1+dfsg1-1

8:7.1.2.3+dfsg1-1

8:7.1.2.7+dfsg1-1

8:7.1.2.8+dfsg1-1

8:7.1.2.12+dfsg1-1

8:7.1.2.13+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-56367.json"