4 matches found
CLSA-2026-1774283917 Fix CVE(s): CVE-2026-25970
SECURITY UPDATE: memory corruption and denial-of-service via malicious SIXEL images
  - debian/patches/CVE-2026-25970.patch: Correct misspelled position variables and adjust variable types; fix out-of-bounds write caused by incorrect bounds checks and signed/unsigned type misuse.
  - CVE-2026-25970...
GHSA-XG29-8GHV-V4XR ImageMagick Has Signed Integer Overflow in SIXEL Decoder, Leading to Memory Corruption
A signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed...
CVE-2025-1052 Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must visit a malicious...
CVE-2025-1052
CVE-2025-1052 affects Mintty. The vulnerability arises in the sixel image parsing code, where the length of user-supplied data is not properly validated before copying into a heap-based buffer, leading to a heap-based buffer overflow and remote code execution. Impact is described as requiring use...