DEBIAN-CVE-2026-49219

Source
https://security-tracker.debian.org/tracker/CVE-2026-49219
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-49219.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2026-49219
Upstream
Published
2026-06-10T23:16:49.637Z
Modified
2026-06-21T16:00:08.618936730Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.

References

Affected packages

Debian:13 / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/debian/imagemagick?arch=source&distro=trixie

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8:7.1.1.43+dfsg1-1+deb13u10

Affected versions

8:7.*
8:7.1.1.43+dfsg1-1
8:7.1.1.43+dfsg1-1+deb13u1
8:7.1.1.43+dfsg1-1+deb13u2
8:7.1.1.43+dfsg1-1+deb13u3
8:7.1.1.43+dfsg1-1+deb13u4
8:7.1.1.43+dfsg1-1+deb13u5
8:7.1.1.43+dfsg1-1+deb13u6
8:7.1.1.43+dfsg1-1+deb13u7
8:7.1.1.43+dfsg1-1+deb13u8
8:7.1.1.43+dfsg1-1+deb13u9

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-49219.json"

Debian:14 / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/debian/imagemagick?arch=source&distro=forky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8:7.1.2.24+dfsg1-1

Affected versions

8:7.*
8:7.1.1.43+dfsg1-1
8:7.1.1.46+dfsg1-1
8:7.1.1.47+dfsg1-1
8:7.1.1.47+dfsg1-2
8:7.1.2.1+dfsg1-1
8:7.1.2.3+dfsg1-1
8:7.1.2.7+dfsg1-1
8:7.1.2.8+dfsg1-1
8:7.1.2.12+dfsg1-1
8:7.1.2.13+dfsg1-1
8:7.1.2.15+dfsg1-1
8:7.1.2.15+dfsg1-2
8:7.1.2.16+dfsg1-1
8:7.1.2.18+dfsg1-1
8:7.1.2.19+dfsg1-1
8:7.1.2.21+dfsg1-1
8:7.1.2.23+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-49219.json"