Version in base suite: 6.9.11.60+dfsg-1.3+deb11u2 Base version: imagemagick_6.9.11.60+dfsg-1.3+deb11u2 Target version: imagemagick_6.9.11.60+dfsg-1.3+deb11u3 Base file: /srv/ftp-master.debian.org/ftp/pool/main/i/imagemagick/imagemagick_6.9.11.60+dfsg-1.3+deb11u2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/i/imagemagick/imagemagick_6.9.11.60+dfsg-1.3+deb11u3.dsc changelog | 41 + patches/0040-CVE-2022-32545-undefined-behavior-value-outside-char.patch | 10 patches/0041-CVE-2022-32546-outside-the-range-of-representable-va.patch | 2 patches/0042-Fix-CVE-2022-32547-unaligned-access-in-property.patch | 2 patches/0043-1-2-CVE-2021-3610-eliminate-heap-buffer-overflow-vul.patch | 27 patches/0044-2-2-CVE-2021-3610-eliminate-heap-buffer-overflow-vul.patch | 28 patches/0045-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch | 39 + patches/0046-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch | 27 patches/0047-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch | 29 patches/0048-Fix-a-non-initialized-value-passed-to-TIFFGetField.patch | 23 patches/0049-initialize-buffer-before-calling-TIFFGetField.patch | 83 ++ patches/0050-Fix-stack-overflow-when-parsing-malicious-tiff-image.patch | 26 patches/0051-early-exit-on-exception.patch | 152 ++++ patches/0052-Fix-buffer-overrun-in-TIFF-coder.patch | 22 patches/0053-Fix-buffer-overrun-in-TIFF-coder.patch | 22 patches/0054-Fix-buffer-overrun-in-TIFF-coder.patch | 23 patches/0055-Fix-unintialised-value.patch | 63 ++ patches/0056-CVE-2023-1289-recursion-detection-framework.patch | 219 +++++++ patches/0056-Raise-exception-when-image-could-not-be-read-but-no-.patch | 26 patches/0057-CVE-2022-1115-heap-based-overflow-with-a-specially-c.patch | 24 patches/0057-CVE-2023-1289-recursion-detection.patch | 23 patches/0058-CVE-2023-1906.patch | 50 + patches/0059-1-2-Prepare-CVE-2023-34151-improved-range-checking.patch | 39 + patches/0060-2-2-Prepare-CVE-2023-34151-add-additional-checks-for.patch | 23 
patches/0061-CVE-2023-34151-properly-cast-double-to-size_t.patch | 306 ++++++++++ patches/0062-heap-buffer-overflow-in-ImageMagick-7.1.1-12-contrib.patch | 25 patches/0063-Added-check-for-invalid-size.patch | 32 + patches/0064-improve-BMP-error-checking.patch | 111 +++ patches/0065-CVE-2023-5341.patch | 23 patches/series | 25 30 files changed, 1538 insertions(+), 7 deletions(-) diff -Nru imagemagick-6.9.11.60+dfsg/debian/changelog imagemagick-6.9.11.60+dfsg/debian/changelog --- imagemagick-6.9.11.60+dfsg/debian/changelog 2023-12-29 11:18:56.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/changelog 2024-02-17 15:31:24.000000000 +0000 
@@ -1,3 +1,44 @@ +imagemagick (8:6.9.11.60+dfsg-1.3+deb11u3) bullseye-security; urgency=medium + + * Fix CVE-2021-3610 heap buffer overflow vulnerability in TIFF coder + * Fix an heap buffer overflow in TIFF coder + * Fix uninitialised value passing in TIFFGetField + * Fix stack overflow in TIFF coder + * Early exit in case of malformed TIFF file + * Fix buffer overrun in TIFF coder + * Fix unitialised value in TIFF coder + * Fix CVE-2022-1115: Heap based overflow in + TIFF coder (Closes: #1013282) + * Fix uninitialised value in TIFF coders + * Use salsa-ci + * Fix CVE-2023-1289: A specially created SVG file loaded itself and + causes a segmentation fault. This flaw allows a remote attacker + to pass a specially crafted SVG file that leads to a segmentation + fault, generating many trash files in "/tmp," resulting in + a denial of service. When ImageMagick crashes, + it generates a lot of trash files. These trash files + can be large if the SVG file contains many render actions. + In a denial of service attack, if a remote attacker uploads an SVG file + of size t, ImageMagick generates files of size 103*t. + If an attacker uploads a 100M SVG, the server will generate about 10G. + * Fix CVE-2023-1906: A heap-based buffer overflow issue was + discovered in ImageMagick's ImportMultiSpectralQuantum() function + in MagickCore/quantum-import.c. An attacker could pass specially + crafted file to convert, triggering an out-of-bounds read error, + allowing an application to crash, resulting in a denial of service. + * Fix CVE-2023-34151: Imagemagick was vulnerable due to + an undefined behaviors of casting double to size_t in svg, mvg + and other coders. (Closes: #1036999) + * Fix CVE-2023-3428: A heap-based buffer overflow vulnerability + was found in coders/tiff.c in ImageMagick. This issue + may allow a local attacker to trick the user into opening + a specially crafted file, resulting in an application crash + and denial of service. 
+ * Fix CVE-2023-5341: A heap use-after-free flaw was found in + coders/bmp.c + + -- Bastien Roucariès Sat, 17 Feb 2024 15:31:24 +0000 + imagemagick (8:6.9.11.60+dfsg-1.3+deb11u2) bullseye; urgency=medium * Fix CVE-2021-3574: memory leak was found in TIFF coder diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0040-CVE-2022-32545-undefined-behavior-value-outside-char.patch imagemagick-6.9.11.60+dfsg/debian/patches/0040-CVE-2022-32545-undefined-behavior-value-outside-char.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0040-CVE-2022-32545-undefined-behavior-value-outside-char.patch 2023-12-29 11:12:17.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0040-CVE-2022-32545-undefined-behavior-value-outside-char.patch 2024-02-17 15:30:20.000000000 +0000 @@ -17,7 +17,7 @@ 5 files changed, 19 insertions(+), 5 deletions(-) diff --git a/coders/emf.c b/coders/emf.c -index 6a9db..fd93c 100644 +index 6a9db63..fd93c74 100644 --- a/coders/emf.c +++ b/coders/emf.c @@ -411,7 +411,8 @@ static HENHMETAFILE ReadEnhMetaFile(const char *path,ssize_t *width, @@ -31,7 +31,7 @@ pBits=(BYTE *) DestroyString((char *) pBits); return((HENHMETAFILE) NULL); diff --git a/coders/psd.c b/coders/psd.c -index 3dc25..5c70c 100644 +index 3dc25b9..5c70c11 100644 --- a/coders/psd.c +++ b/coders/psd.c @@ -1045,8 +1045,9 @@ static MagickBooleanType ReadPSDChannelPixels(Image *image, @@ -47,7 +47,7 @@ if (x != (ssize_t) image->columns) x--; diff --git a/magick/widget.c b/magick/widget.c -index e93a3..605558 100644 +index e93a3de..605558b 100644 --- a/magick/widget.c +++ b/magick/widget.c @@ -7858,6 +7858,8 @@ MagickExport int XMenuWidget(Display *display,XWindows *windows, @@ -78,7 +78,7 @@ if ((selection_info.id >= 0) && (selection_info.id < (int) number_selections)) diff --git a/wand/animate.c b/wand/animate.c -index 0f704..adc84 100644 +index 0f70436..adc84d8 100644 --- a/wand/animate.c +++ b/wand/animate.c 
@@ -1143,7 +1143,10 @@ WandExport MagickBooleanType AnimateImageCommand(ImageInfo *image_info, @@ -94,7 +94,7 @@ break; } diff --git a/wand/display.c b/wand/display.c -index b7b9e..27aba 100644 +index b7b9ed9..27abafa 100644 --- a/wand/display.c +++ b/wand/display.c @@ -1491,7 +1491,10 @@ WandExport MagickBooleanType DisplayImageCommand(ImageInfo *image_info, diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0041-CVE-2022-32546-outside-the-range-of-representable-va.patch imagemagick-6.9.11.60+dfsg/debian/patches/0041-CVE-2022-32546-outside-the-range-of-representable-va.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0041-CVE-2022-32546-outside-the-range-of-representable-va.patch 2023-12-29 11:12:17.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0041-CVE-2022-32546-outside-the-range-of-representable-va.patch 2024-02-17 15:30:20.000000000 +0000 @@ -11,7 +11,7 @@ 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/coders/pcl.c b/coders/pcl.c -index a6bd6..f1d9a 100644 +index a6bd6a1..f1d9a7d 100644 --- a/coders/pcl.c +++ b/coders/pcl.c @@ -294,8 +294,8 @@ static Image *ReadPCLImage(const ImageInfo *image_info,ExceptionInfo *exception) diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0042-Fix-CVE-2022-32547-unaligned-access-in-property.patch imagemagick-6.9.11.60+dfsg/debian/patches/0042-Fix-CVE-2022-32547-unaligned-access-in-property.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0042-Fix-CVE-2022-32547-unaligned-access-in-property.patch 2023-12-29 11:12:17.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0042-Fix-CVE-2022-32547-unaligned-access-in-property.patch 2024-02-17 15:30:20.000000000 +0000 @@ -11,7 +11,7 @@ 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/magick/property.c b/magick/property.c -index 0381b..f83954 100644 +index 0381b4a..f839545 100644 --- a/magick/property.c +++ b/magick/property.c 
@@ -1513,12 +1513,14 @@ static MagickBooleanType GetEXIFProperty(const Image *image, diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0043-1-2-CVE-2021-3610-eliminate-heap-buffer-overflow-vul.patch imagemagick-6.9.11.60+dfsg/debian/patches/0043-1-2-CVE-2021-3610-eliminate-heap-buffer-overflow-vul.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0043-1-2-CVE-2021-3610-eliminate-heap-buffer-overflow-vul.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0043-1-2-CVE-2021-3610-eliminate-heap-buffer-overflow-vul.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,27 @@ +From: Cristy +Date: Thu, 27 May 2021 10:32:51 -0400 +Subject: [1/2] CVE-2021-3610 eliminate heap buffer overflow vulnerability in + TIFF coder + +thanks to ZhangJiaxing (@r0fm1a) from Codesafe Team of Legendsec at Qi'anxin Group + +bug: https://github.com/ImageMagick/ImageMagick6/issues/244 +origin: https://github.com/ImageMagick/ImageMagick6/commit/b307bcadcdf6ea6819951ac1786b7904f27b25c6.patch +bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2021-3610 +--- + coders/tiff.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index 8e89ec1..3927224 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1872,7 +1872,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + /* + Convert stripped TIFF image. + */ +- extent=2*TIFFStripSize(tiff); ++ extent=4*TIFFStripSize(tiff); + #if defined(TIFF_VERSION_BIG) + extent+=image->columns*sizeof(uint64); + #else diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0044-2-2-CVE-2021-3610-eliminate-heap-buffer-overflow-vul.patch imagemagick-6.9.11.60+dfsg/debian/patches/0044-2-2-CVE-2021-3610-eliminate-heap-buffer-overflow-vul.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0044-2-2-CVE-2021-3610-eliminate-heap-buffer-overflow-vul.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0044-2-2-CVE-2021-3610-eliminate-heap-buffer-overflow-vul.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,28 @@ +From: Cristy +Date: Sun, 30 May 2021 20:57:18 -0400 +Subject: [2/2] CVE-2021-3610 eliminate heap buffer overflow vulnerability in + TIFF coder + +Thanks to ZhangJiaxing (@r0fm1a) from Codesafe Team of Legendsec at Qi'anxin Group + +bug: https://github.com/ImageMagick/ImageMagick6/issues/244 +origin: https://github.com/ImageMagick/ImageMagick6/commit/b307bcadcdf6ea6819951ac1786b7904f27b25c6.patch +bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2021-3610 +(cherry picked from commit c75ae771a00c38b757c5ef4b424b51e761b02552) +--- + coders/tiff.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index 3927224..1c84442 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1872,7 +1872,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + /* + Convert stripped TIFF image. + */ +- extent=4*TIFFStripSize(tiff); ++ extent=(samples_per_pixel+1)*TIFFStripSize(tiff); + #if defined(TIFF_VERSION_BIG) + extent+=image->columns*sizeof(uint64); + #else diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0045-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch imagemagick-6.9.11.60+dfsg/debian/patches/0045-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0045-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0045-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,39 @@ +From: Cristy +Date: Mon, 26 Jul 2021 13:08:57 -0400 +Subject: heap-based buffer overflow in TIFF coder (alert from Hunter + Mitchell) + +origin: https://github.com/ImageMagick/ImageMagick6/commit/e1fbcdf3aad96d51db65c1601117396eac665a6d +bug: https://github.com/ImageMagick/ImageMagick6/issues/245 +--- + coders/tiff.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index 1c84442..8d552fc 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -2020,7 +2020,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + columns_remaining=image->columns-x; + if ((ssize_t) (x+columns) < (ssize_t) image->columns) + columns_remaining=columns; +- if (TIFFReadTile(tiff,tile_pixels,(uint32) x,(uint32) y,0,i) == 0) ++ if (TIFFReadTile(tiff,tile_pixels,(uint32) x,(uint32) y,0,i) == -1) + break; + p=tile_pixels; + for (row=0; row < rows_remaining; row++) +@@ -2080,8 +2080,13 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + if (generic_info == (MemoryInfo *) NULL) + ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); + pixels=(uint32 *) GetVirtualMemoryBlob(generic_info); +- (void) TIFFReadRGBAImage(tiff,(uint32) image->columns,(uint32) ++ status=TIFFReadRGBAImage(tiff,(uint32) image->columns,(uint32) + image->rows,(uint32 *) pixels,0); ++ if (status == -1) ++ { ++ generic_info=RelinquishVirtualMemory(generic_info); ++ break; ++ } + p=pixels+(image->columns*image->rows)-1; + for (y=0; y < (ssize_t) image->rows; y++) + { diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0046-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch imagemagick-6.9.11.60+dfsg/debian/patches/0046-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0046-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch 1970-01-01 00:00:00.000000000 +0000 +++ 
imagemagick-6.9.11.60+dfsg/debian/patches/0046-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch 2024-02-17 15:30:20.000000000 +0000 @@ -0,0 +1,27 @@ +From: Cristy +Date: Mon, 26 Jul 2021 13:26:21 -0400 +Subject: heap-based buffer overflow in TIFF coder (alert from Hunter + Mitchell) + +origin: https://github.com/ImageMagick/ImageMagick6/commit/35b88c9166bc1b3ce8893f52217bae00d8e2c532 +bug: https://github.com/ImageMagick/ImageMagick6/issues/245 +--- + coders/tiff.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index 8d552fc..38badad 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1974,9 +1974,9 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); + extent=TIFFTileSize(tiff); + #if defined(TIFF_VERSION_BIG) +- extent+=columns*sizeof(uint64); ++ extent=MagickMax(rows*columns*sizeof(uint64),extent); + #else +- extent+=columns*sizeof(uint32); ++ extent=MagickMax(rows*columns*sizeof(uint32),extent); + #endif + tile_pixels=(unsigned char *) AcquireQuantumMemory(extent, + sizeof(*tile_pixels)); diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0047-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch imagemagick-6.9.11.60+dfsg/debian/patches/0047-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0047-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0047-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,29 @@ +From: Cristy +Date: Mon, 26 Jul 2021 13:38:45 -0400 +Subject: heap-based buffer overflow in TIFF coder (alert from Hunter + Mitchell) + +bug: https://github.com/ImageMagick/ImageMagick6/issues/245 +origin: https://github.com/ImageMagick/ImageMagick6/commit/f90a091c7dd12cc53b0999bf49d1c80651534eea +--- + coders/tiff.c | 7 +------ + 1 file changed, 1 insertion(+), 6 deletions(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index 38badad..c326559 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1972,12 +1972,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + number_pixels=(MagickSizeType) columns*rows; + if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse) + ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); +- extent=TIFFTileSize(tiff); +-#if defined(TIFF_VERSION_BIG) +- extent=MagickMax(rows*columns*sizeof(uint64),extent); +-#else +- extent=MagickMax(rows*columns*sizeof(uint32),extent); +-#endif ++ extent=MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff)); + tile_pixels=(unsigned char *) AcquireQuantumMemory(extent, + sizeof(*tile_pixels)); + if (tile_pixels == (unsigned char *) NULL) diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0048-Fix-a-non-initialized-value-passed-to-TIFFGetField.patch imagemagick-6.9.11.60+dfsg/debian/patches/0048-Fix-a-non-initialized-value-passed-to-TIFFGetField.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0048-Fix-a-non-initialized-value-passed-to-TIFFGetField.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0048-Fix-a-non-initialized-value-passed-to-TIFFGetField.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,23 @@ +From: Cristy +Date: Fri, 3 Sep 2021 19:45:32 -0400 +Subject: Fix a non initialized value passed to TIFFGetField() + +bug-oss-fuzz: https://oss-fuzz.com/testcase-detail/6502669439598592 +bug: https://github.com/ImageMagick/ImageMagick6/issues/246 +origin: https://github.com/ImageMagick/ImageMagick6/commit/995de330310dd35531165d9471fe4d31e0fa79ae +--- + coders/tiff.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/coders/tiff.c b/coders/tiff.c +index c326559..fd0169f 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1485,6 +1485,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + } + if (TIFFGetFieldDefaulted(tiff,TIFFTAG_ORIENTATION,&orientation,sans) == 1) + image->orientation=(OrientationType) orientation; ++ chromaticity=(float *) NULL; + if (TIFFGetField(tiff,TIFFTAG_WHITEPOINT,&chromaticity) == 1) + { + if ((chromaticity != (float *) NULL) && (*chromaticity != 0.0)) diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0049-initialize-buffer-before-calling-TIFFGetField.patch imagemagick-6.9.11.60+dfsg/debian/patches/0049-initialize-buffer-before-calling-TIFFGetField.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0049-initialize-buffer-before-calling-TIFFGetField.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0049-initialize-buffer-before-calling-TIFFGetField.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,83 @@ +From: Cristy +Date: Sat, 4 Sep 2021 07:45:17 -0400 +Subject: initialize buffer before calling TIFFGetField() + +bug-oss-fuzz: https://oss-fuzz.com/testcase-detail/6502669439598592 +bug: https://github.com/ImageMagick/ImageMagick6/issues/246 +origin: https://github.com/ImageMagick/ImageMagick6/commit/995de330310dd35531165d9471fe4d31e0fa79ae +--- + coders/tiff.c | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index fd0169f..ee250d9 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -685,7 +685,7 @@ static MagickBooleanType TIFFGetProperties(TIFF *tiff,Image *image) + { + char + message[MaxTextExtent], +- *text; ++ *text = (char *) NULL; + + MagickBooleanType + status; +@@ -694,7 +694,6 @@ static MagickBooleanType TIFFGetProperties(TIFF *tiff,Image *image) + count, + type; + +- text=(char *) NULL; + status=MagickTrue; + if ((TIFFGetField(tiff,TIFFTAG_ARTIST,&text) == 1) && + (text != (char *) NULL)) +@@ -1013,10 +1012,11 @@ static TIFFMethodType GetJPEGMethod(Image* image,TIFF *tiff,uint16 photometric, + + #if defined(TIFF_VERSION_BIG) + uint64 ++ *value = (uint64 *) NULL; + #else + uint32 ++ *value = (uint32 *) NULL; + #endif +- *value; + + unsigned char + buffer[BUFFER_SIZE+32]; +@@ -1033,7 +1033,6 @@ static TIFFMethodType GetJPEGMethod(Image* image,TIFF *tiff,uint16 photometric, + /* + Search for Adobe APP14 JPEG marker. 
+ */ +- value=NULL; + if (!TIFFGetField(tiff,TIFFTAG_STRIPOFFSETS,&value) || (value == NULL)) + return(ReadStripMethod); + position=TellBlob(image); +@@ -1175,7 +1174,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + *option; + + float +- *chromaticity, ++ *chromaticity = (float *) NULL, + x_position, + y_position, + x_resolution, +@@ -1485,7 +1484,6 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + } + if (TIFFGetFieldDefaulted(tiff,TIFFTAG_ORIENTATION,&orientation,sans) == 1) + image->orientation=(OrientationType) orientation; +- chromaticity=(float *) NULL; + if (TIFFGetField(tiff,TIFFTAG_WHITEPOINT,&chromaticity) == 1) + { + if ((chromaticity != (float *) NULL) && (*chromaticity != 0.0)) +@@ -1589,9 +1587,9 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + range; + + uint16 +- *blue_colormap, +- *green_colormap, +- *red_colormap; ++ *blue_colormap = (uint16 *) NULL, ++ *green_colormap = (uint16 *) NULL, ++ *red_colormap = (uint16 *) NULL; + + /* + Initialize colormap. diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0050-Fix-stack-overflow-when-parsing-malicious-tiff-image.patch imagemagick-6.9.11.60+dfsg/debian/patches/0050-Fix-stack-overflow-when-parsing-malicious-tiff-image.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0050-Fix-stack-overflow-when-parsing-malicious-tiff-image.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0050-Fix-stack-overflow-when-parsing-malicious-tiff-image.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,26 @@ +From: Cristy +Date: Tue, 19 Oct 2021 14:53:41 -0400 +Subject: Fix stack overflow when parsing malicious tiff image + +(cherry picked from commit 85a370c79afeb45a97842b0959366af5236e9023) +origin: https://github.com/ImageMagick/ImageMagick6/commit/85a370c79afeb45a97842b0959366af5236e9023 +--- + coders/tiff.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/coders/tiff.c b/coders/tiff.c +index ee250d9..e650f23 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1972,6 +1972,11 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse) + ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); + extent=MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff)); ++#if defined(TIFF_VERSION_BIG) ++ extent+=image->columns*sizeof(uint64); ++#else ++ extent+=image->columns*sizeof(uint32); ++#endif + tile_pixels=(unsigned char *) AcquireQuantumMemory(extent, + sizeof(*tile_pixels)); + if (tile_pixels == (unsigned char *) NULL) diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0051-early-exit-on-exception.patch imagemagick-6.9.11.60+dfsg/debian/patches/0051-early-exit-on-exception.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0051-early-exit-on-exception.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0051-early-exit-on-exception.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,152 @@ +From: Cristy +Date: Sat, 6 Nov 2021 09:01:26 -0400 +Subject: early exit on exception + +In case of malformed tiff image bail early + +origin: https://github.com/ImageMagick/ImageMagick6/commit/b272acab91444f2115099fe51ee6c91bb4db5d50 +(cherry picked from commit b272acab91444f2115099fe51ee6c91bb4db5d50) +--- + coders/tiff.c | 44 +++++++++++++++++++++++++++++++++----------- + 1 file changed, 33 insertions(+), 11 deletions(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index e650f23..fbc6980 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1184,7 +1184,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + *image; + + int +- tiff_status; ++ tiff_status = 0; + + MagickBooleanType + more_frames; +@@ -2019,7 +2019,9 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + columns_remaining=image->columns-x; + if ((ssize_t) (x+columns) < (ssize_t) image->columns) + columns_remaining=columns; +- if (TIFFReadTile(tiff,tile_pixels,(uint32) x,(uint32) y,0,i) == -1) ++ tiff_status=TIFFReadTile(tiff,tile_pixels,(uint32) x,(uint32) y, ++ 0,i); ++ if (tiff_status == -1) + break; + p=tile_pixels; + for (row=0; row < rows_remaining; row++) +@@ -2079,9 +2081,9 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + if (generic_info == (MemoryInfo *) NULL) + ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); + pixels=(uint32 *) GetVirtualMemoryBlob(generic_info); +- status=TIFFReadRGBAImage(tiff,(uint32) image->columns,(uint32) ++ tiff_status=TIFFReadRGBAImage(tiff,(uint32) image->columns,(uint32) + image->rows,(uint32 *) pixels,0); +- if (status == -1) ++ if (tiff_status == -1) + { + generic_info=RelinquishVirtualMemory(generic_info); + break; +@@ -2130,6 +2132,11 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + next_tiff_frame: + if (quantum_info != (QuantumInfo *) NULL) + quantum_info=DestroyQuantumInfo(quantum_info); ++ if (tiff_status == -1) ++ { ++ status=MagickFalse; ++ break; ++ } + if (photometric == 
PHOTOMETRIC_CIELAB) + DecodeLabImage(image,exception); + if ((photometric == PHOTOMETRIC_LOGL) || +@@ -3191,6 +3198,9 @@ static MagickBooleanType WriteTIFFImage(const ImageInfo *image_info, + EndianType + endian_type; + ++ int ++ tiff_status = 0; ++ + MagickBooleanType + debug, + status; +@@ -3870,7 +3880,8 @@ RestoreMSCWarning + break; + (void) ExportQuantumPixels(image,(const CacheView *) NULL, + quantum_info,quantum_type,pixels,&image->exception); +- if (TIFFWritePixels(tiff,&tiff_info,y,0,image) == -1) ++ tiff_status=TIFFWritePixels(tiff,&tiff_info,y,0,image); ++ if (tiff_status == -1) + break; + if (image->previous == (Image *) NULL) + { +@@ -3898,7 +3909,8 @@ RestoreMSCWarning + break; + (void) ExportQuantumPixels(image,(const CacheView *) NULL, + quantum_info,RedQuantum,pixels,&image->exception); +- if (TIFFWritePixels(tiff,&tiff_info,y,0,image) == -1) ++ tiff_status=TIFFWritePixels(tiff,&tiff_info,y,0,image); ++ if (tiff_status == -1) + break; + } + if (image->previous == (Image *) NULL) +@@ -3917,7 +3929,8 @@ RestoreMSCWarning + break; + (void) ExportQuantumPixels(image,(const CacheView *) NULL, + quantum_info,GreenQuantum,pixels,&image->exception); +- if (TIFFWritePixels(tiff,&tiff_info,y,1,image) == -1) ++ tiff_status=TIFFWritePixels(tiff,&tiff_info,y,1,image); ++ if (tiff_status == -1) + break; + } + if (image->previous == (Image *) NULL) +@@ -3936,7 +3949,8 @@ RestoreMSCWarning + break; + (void) ExportQuantumPixels(image,(const CacheView *) NULL, + quantum_info,BlueQuantum,pixels,&image->exception); +- if (TIFFWritePixels(tiff,&tiff_info,y,2,image) == -1) ++ tiff_status=TIFFWritePixels(tiff,&tiff_info,y,2,image); ++ if (tiff_status == -1) + break; + } + if (image->previous == (Image *) NULL) +@@ -3957,7 +3971,8 @@ RestoreMSCWarning + break; + (void) ExportQuantumPixels(image,(const CacheView *) NULL, + quantum_info,AlphaQuantum,pixels,&image->exception); +- if (TIFFWritePixels(tiff,&tiff_info,y,3,image) == -1) ++ 
tiff_status=TIFFWritePixels(tiff,&tiff_info,y,3,image); ++ if (tiff_status == -1) + break; + } + if (image->previous == (Image *) NULL) +@@ -3991,7 +4006,8 @@ RestoreMSCWarning + break; + (void) ExportQuantumPixels(image,(const CacheView *) NULL, + quantum_info,quantum_type,pixels,&image->exception); +- if (TIFFWritePixels(tiff,&tiff_info,y,0,image) == -1) ++ tiff_status=TIFFWritePixels(tiff,&tiff_info,y,0,image); ++ if (tiff_status == -1) + break; + if (image->previous == (Image *) NULL) + { +@@ -4070,7 +4086,8 @@ RestoreMSCWarning + break; + (void) ExportQuantumPixels(image,(const CacheView *) NULL, + quantum_info,quantum_type,pixels,&image->exception); +- if (TIFFWritePixels(tiff,&tiff_info,y,0,image) == -1) ++ tiff_status=TIFFWritePixels(tiff,&tiff_info,y,0,image); ++ if (tiff_status == -1) + break; + if (image->previous == (Image *) NULL) + { +@@ -4087,6 +4104,11 @@ RestoreMSCWarning + if (image->colorspace == LabColorspace) + DecodeLabImage(image,&image->exception); + DestroyTIFFInfo(&tiff_info); ++ if (tiff_status == -1) ++ { ++ status=MagickFalse; ++ break; ++ } + /* TIFFPrintDirectory(tiff,stdout,MagickFalse); */ + if (TIFFWriteDirectory(tiff) == 0) + { diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0052-Fix-buffer-overrun-in-TIFF-coder.patch imagemagick-6.9.11.60+dfsg/debian/patches/0052-Fix-buffer-overrun-in-TIFF-coder.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0052-Fix-buffer-overrun-in-TIFF-coder.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0052-Fix-buffer-overrun-in-TIFF-coder.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,22 @@ +From: Cristy +Date: Sun, 14 Mar 2021 07:44:52 -0400 +Subject: Fix buffer overrun in TIFF coder + +origin: https://github.com/ImageMagick/ImageMagick6/commit/2204eb57ae00b005b39165a47b8984eac01600a5 +--- + coders/tiff.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index fbc6980..6c68f8a 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1242,7 +1242,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + *pixels; + + void +- *sans[2] = { NULL, NULL }; ++ *sans[4] = { NULL, NULL, NULL, NULL }; + + /* + Open image. diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0053-Fix-buffer-overrun-in-TIFF-coder.patch imagemagick-6.9.11.60+dfsg/debian/patches/0053-Fix-buffer-overrun-in-TIFF-coder.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0053-Fix-buffer-overrun-in-TIFF-coder.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0053-Fix-buffer-overrun-in-TIFF-coder.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,22 @@ +From: Cristy +Date: Fri, 17 Dec 2021 14:05:04 -0500 +Subject: Fix buffer overrun in TIFF coder + +origin: https://github.com/ImageMagick/ImageMagick6/commit/add9cb14e14eef02806715d97abcf5d04a3e55dd +--- + coders/tiff.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index 6c68f8a..102b2b8 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1242,7 +1242,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + *pixels; + + void +- *sans[4] = { NULL, NULL, NULL, NULL }; ++ *sans[5] = { NULL, NULL, NULL, NULL, NULL }; + + /* + Open image. diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0054-Fix-buffer-overrun-in-TIFF-coder.patch imagemagick-6.9.11.60+dfsg/debian/patches/0054-Fix-buffer-overrun-in-TIFF-coder.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0054-Fix-buffer-overrun-in-TIFF-coder.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0054-Fix-buffer-overrun-in-TIFF-coder.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,23 @@ +From: Cristy +Date: Thu, 17 Mar 2022 15:02:49 -0400 +Subject: Fix buffer overrun in TIFF coder + +bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42549 +origin: https://github.com/ImageMagick/ImageMagick6/commit/de6ada9a068b01494bfb848024ed46942da9d238 +--- + coders/tiff.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index 102b2b8..516d4a1 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1242,7 +1242,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + *pixels; + + void +- *sans[5] = { NULL, NULL, NULL, NULL, NULL }; ++ *sans[8] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; + + /* + Open image. diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0055-Fix-unintialised-value.patch imagemagick-6.9.11.60+dfsg/debian/patches/0055-Fix-unintialised-value.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0055-Fix-unintialised-value.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0055-Fix-unintialised-value.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,63 @@ +From: Cristy +Date: Fri, 11 Feb 2022 10:46:49 -0500 +Subject: Fix unintialised value + +bug: https://github.com/ImageMagick/ImageMagick/issues/4830 +origin: https://github.com/ImageMagick/ImageMagick6/commit/409d42205927c98cbb852ca96e109716f38f04ab +--- + coders/tiff.c | 35 ++++++++++++++++------------------- + 1 file changed, 16 insertions(+), 19 deletions(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index 516d4a1..aad3063 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -567,10 +567,7 @@ static MagickBooleanType ReadProfile(Image *image,const char *name, + image->filename); + status=SetImageProfile(image,name,profile); + profile=DestroyStringInfo(profile); +- if (status == MagickFalse) +- ThrowBinaryImageException(ResourceLimitError,"MemoryAllocationFailed", +- image->filename); +- return(MagickTrue); ++ return(status); + } + + #if defined(__cplusplus) || defined(c_plusplus) +@@ -1217,21 +1214,21 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + method; + + uint16 +- compress_tag, +- bits_per_sample, +- endian, +- extra_samples, +- interlace, +- max_sample_value, +- min_sample_value, +- orientation, +- pages, +- photometric, +- *sample_info, +- sample_format, +- samples_per_pixel, +- units, +- value; ++ compress_tag = 0, ++ bits_per_sample = 0, ++ endian = 0, ++ extra_samples = 0, ++ interlace = 0, ++ max_sample_value = 0, ++ min_sample_value = 0, ++ orientation = 0, ++ pages = 0, ++ photometric = 0, ++ *sample_info = NULL, ++ sample_format = 0, ++ samples_per_pixel = 0, ++ units = 0, ++ value = 0; + + uint32 + height, diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0056-CVE-2023-1289-recursion-detection-framework.patch imagemagick-6.9.11.60+dfsg/debian/patches/0056-CVE-2023-1289-recursion-detection-framework.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0056-CVE-2023-1289-recursion-detection-framework.patch 1970-01-01 00:00:00.000000000 +0000 +++ 
imagemagick-6.9.11.60+dfsg/debian/patches/0056-CVE-2023-1289-recursion-detection-framework.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,219 @@ +From: Cristy +Date: Mon, 6 Mar 2023 14:46:21 -0500 +Subject: CVE-2023-1289: recursion detection framework + +origin: https://github.com/ImageMagick/ImageMagick6/commit/e8c0090c6d2df7b1553053dca2008e96724204bf +bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-1289 +--- + magick/constitute.c | 12 ++++++++++++ + magick/draw.c | 55 +++++++++++++++++++++++++---------------------------- + magick/draw.h | 3 +++ + magick/image.c | 1 + + magick/image.h | 3 +++ + 5 files changed, 45 insertions(+), 29 deletions(-) + +diff --git a/magick/constitute.c b/magick/constitute.c +index e05c538..49e8f82 100644 +--- a/magick/constitute.c ++++ b/magick/constitute.c +@@ -77,6 +77,11 @@ + #include "magick/transform.h" + #include "magick/utility.h" + ++/* ++ Define declarations. ++*/ ++#define MaxReadRecursionDepth 100 ++ + /* + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + % % +@@ -558,9 +563,16 @@ MagickExport Image *ReadImage(const ImageInfo *image_info, + if ((thread_support & DecoderThreadSupport) == 0) + LockSemaphoreInfo(magick_info->semaphore); + status=IsCoderAuthorized(read_info->magick,ReadPolicyRights,exception); ++ if (((ImageInfo *) image_info)->recursion_depth++ > MaxReadRecursionDepth) ++ { ++ (void) ThrowMagickException(exception,GetMagickModule(),CoderError, ++ "NumberOfImagesIsNotSupported","`%s'",read_info->magick); ++ status=MagickFalse; ++ } + image=(Image *) NULL; + if (status != MagickFalse) + image=GetImageDecoder(magick_info)(read_info,exception); ++ ((ImageInfo *) image_info)->recursion_depth--; + if ((thread_support & DecoderThreadSupport) == 0) + UnlockSemaphoreInfo(magick_info->semaphore); + } +diff --git a/magick/draw.c b/magick/draw.c +index ba216dc..9e92193 100644 +--- a/magick/draw.c ++++ b/magick/draw.c +@@ -381,6 +381,7 @@ MagickExport DrawInfo *CloneDrawInfo(const ImageInfo *image_info, + clone_info->composite_mask=CloneImage(draw_info->composite_mask,0,0, + 
MagickTrue,&draw_info->composite_mask->exception); + clone_info->render=draw_info->render; ++ clone_info->image_info=CloneImageInfo(draw_info->image_info); + clone_info->debug=IsEventLogging(); + return(clone_info); + } +@@ -5822,21 +5823,18 @@ MagickExport void GetDrawInfo(const ImageInfo *image_info,DrawInfo *draw_info) + ExceptionInfo + *exception; + +- ImageInfo +- *clone_info; +- + /* + Initialize draw attributes. + */ + (void) LogMagickEvent(TraceEvent,GetMagickModule(),"..."); + assert(draw_info != (DrawInfo *) NULL); + (void) memset(draw_info,0,sizeof(*draw_info)); +- clone_info=CloneImageInfo(image_info); ++ draw_info->image_info=CloneImageInfo(image_info); + GetAffineMatrix(&draw_info->affine); + exception=AcquireExceptionInfo(); + (void) QueryColorDatabase("#000F",&draw_info->fill,exception); + (void) QueryColorDatabase("#FFF0",&draw_info->stroke,exception); +- draw_info->stroke_antialias=clone_info->antialias; ++ draw_info->stroke_antialias=draw_info->image_info->antialias; + draw_info->stroke_width=1.0; + draw_info->fill_rule=EvenOddRule; + draw_info->opacity=OpaqueOpacity; +@@ -5846,64 +5844,64 @@ MagickExport void GetDrawInfo(const ImageInfo *image_info,DrawInfo *draw_info) + draw_info->linejoin=MiterJoin; + draw_info->miterlimit=10; + draw_info->decorate=NoDecoration; +- if (clone_info->font != (char *) NULL) +- draw_info->font=AcquireString(clone_info->font); +- if (clone_info->density != (char *) NULL) +- draw_info->density=AcquireString(clone_info->density); +- draw_info->text_antialias=clone_info->antialias; ++ if (draw_info->image_info->font != (char *) NULL) ++ draw_info->font=AcquireString(draw_info->image_info->font); ++ if (draw_info->image_info->density != (char *) NULL) ++ draw_info->density=AcquireString(draw_info->image_info->density); ++ draw_info->text_antialias=draw_info->image_info->antialias; + draw_info->pointsize=12.0; +- if (fabs(clone_info->pointsize) >= MagickEpsilon) +- draw_info->pointsize=clone_info->pointsize; ++ if 
(fabs(draw_info->image_info->pointsize) >= MagickEpsilon) ++ draw_info->pointsize=draw_info->image_info->pointsize; + draw_info->undercolor.opacity=(Quantum) TransparentOpacity; +- draw_info->border_color=clone_info->border_color; ++ draw_info->border_color=draw_info->image_info->border_color; + draw_info->compose=OverCompositeOp; +- if (clone_info->server_name != (char *) NULL) +- draw_info->server_name=AcquireString(clone_info->server_name); ++ if (draw_info->image_info->server_name != (char *) NULL) ++ draw_info->server_name=AcquireString(draw_info->image_info->server_name); + draw_info->render=MagickTrue; + draw_info->clip_path=MagickFalse; + draw_info->debug=IsEventLogging(); +- option=GetImageOption(clone_info,"direction"); ++ option=GetImageOption(draw_info->image_info,"direction"); + if (option != (const char *) NULL) + draw_info->direction=(DirectionType) ParseCommandOption( + MagickDirectionOptions,MagickFalse,option); + else + draw_info->direction=UndefinedDirection; +- option=GetImageOption(clone_info,"encoding"); ++ option=GetImageOption(draw_info->image_info,"encoding"); + if (option != (const char *) NULL) + (void) CloneString(&draw_info->encoding,option); +- option=GetImageOption(clone_info,"family"); ++ option=GetImageOption(draw_info->image_info,"family"); + if (option != (const char *) NULL) + (void) CloneString(&draw_info->family,option); +- option=GetImageOption(clone_info,"fill"); ++ option=GetImageOption(draw_info->image_info,"fill"); + if (option != (const char *) NULL) + (void) QueryColorDatabase(option,&draw_info->fill,exception); +- option=GetImageOption(clone_info,"gravity"); ++ option=GetImageOption(draw_info->image_info,"gravity"); + if (option != (const char *) NULL) + draw_info->gravity=(GravityType) ParseCommandOption(MagickGravityOptions, + MagickFalse,option); +- option=GetImageOption(clone_info,"interline-spacing"); ++ option=GetImageOption(draw_info->image_info,"interline-spacing"); + if (option != (const char *) NULL) + 
draw_info->interline_spacing=GetDrawValue(option,&next_token); +- option=GetImageOption(clone_info,"interword-spacing"); ++ option=GetImageOption(draw_info->image_info,"interword-spacing"); + if (option != (const char *) NULL) + draw_info->interword_spacing=GetDrawValue(option,&next_token); +- option=GetImageOption(clone_info,"kerning"); ++ option=GetImageOption(draw_info->image_info,"kerning"); + if (option != (const char *) NULL) + draw_info->kerning=GetDrawValue(option,&next_token); +- option=GetImageOption(clone_info,"stroke"); ++ option=GetImageOption(draw_info->image_info,"stroke"); + if (option != (const char *) NULL) + (void) QueryColorDatabase(option,&draw_info->stroke,exception); +- option=GetImageOption(clone_info,"strokewidth"); ++ option=GetImageOption(draw_info->image_info,"strokewidth"); + if (option != (const char *) NULL) + draw_info->stroke_width=GetDrawValue(option,&next_token); +- option=GetImageOption(clone_info,"style"); ++ option=GetImageOption(draw_info->image_info,"style"); + if (option != (const char *) NULL) + draw_info->style=(StyleType) ParseCommandOption(MagickStyleOptions, + MagickFalse,option); +- option=GetImageOption(clone_info,"undercolor"); ++ option=GetImageOption(draw_info->image_info,"undercolor"); + if (option != (const char *) NULL) + (void) QueryColorDatabase(option,&draw_info->undercolor,exception); +- option=GetImageOption(clone_info,"weight"); ++ option=GetImageOption(draw_info->image_info,"weight"); + if (option != (const char *) NULL) + { + ssize_t +@@ -5916,7 +5914,6 @@ MagickExport void GetDrawInfo(const ImageInfo *image_info,DrawInfo *draw_info) + } + exception=DestroyExceptionInfo(exception); + draw_info->signature=MagickCoreSignature; +- clone_info=DestroyImageInfo(clone_info); + } + + /* +diff --git a/magick/draw.h b/magick/draw.h +index a44ef3a..46e622d 100644 +--- a/magick/draw.h ++++ b/magick/draw.h +@@ -354,6 +354,9 @@ typedef struct _DrawInfo + + char + *id; ++ ++ ImageInfo ++ *image_info; + } DrawInfo; + + 
typedef struct _PrimitiveInfo +diff --git a/magick/image.c b/magick/image.c +index 1fc3617..9ee22d8 100644 +--- a/magick/image.c ++++ b/magick/image.c +@@ -1008,6 +1008,7 @@ MagickExport ImageInfo *CloneImageInfo(const ImageInfo *image_info) + clone_info->subimage=image_info->scene; /* deprecated */ + clone_info->subrange=image_info->number_scenes; /* deprecated */ + clone_info->channel=image_info->channel; ++ clone_info->recursion_depth=image_info->recursion_depth; + clone_info->debug=IsEventLogging(); + clone_info->signature=image_info->signature; + return(clone_info); +diff --git a/magick/image.h b/magick/image.h +index ac69bef..e71df13 100644 +--- a/magick/image.h ++++ b/magick/image.h +@@ -499,6 +499,9 @@ struct _ImageInfo + + MagickBooleanType + synchronize; ++ ++ size_t ++ recursion_depth; /* recursion detection */ + }; + + extern MagickExport ExceptionType diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0056-Raise-exception-when-image-could-not-be-read-but-no-.patch imagemagick-6.9.11.60+dfsg/debian/patches/0056-Raise-exception-when-image-could-not-be-read-but-no-.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0056-Raise-exception-when-image-could-not-be-read-but-no-.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0056-Raise-exception-when-image-could-not-be-read-but-no-.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,26 @@ +From: Dirk Lemstra +Date: Sat, 19 Feb 2022 07:46:46 +0100 +Subject: Raise exception when image could not be read but no exception was + raised. + +Bail out in case of corrupted image + +https://github.com/ImageMagick/ImageMagick6/commit/3e15c68efcb1e6383c93e7dfe38ba6c37e614d1b +(cherry picked from commit 3e15c68efcb1e6383c93e7dfe38ba6c37e614d1b) +--- + coders/tiff.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/coders/tiff.c b/coders/tiff.c +index aad3063..ac2771a 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1264,6 +1264,8 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + TIFFUnmapBlob); + if (tiff == (TIFF *) NULL) + { ++ if (exception->severity == UndefinedException) ++ ThrowReaderException(CorruptImageError,"UnableToReadImageData"); + image=DestroyImageList(image); + return((Image *) NULL); + } diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0057-CVE-2022-1115-heap-based-overflow-with-a-specially-c.patch imagemagick-6.9.11.60+dfsg/debian/patches/0057-CVE-2022-1115-heap-based-overflow-with-a-specially-c.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0057-CVE-2022-1115-heap-based-overflow-with-a-specially-c.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0057-CVE-2022-1115-heap-based-overflow-with-a-specially-c.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,24 @@ +From: Cristy +Date: Tue, 22 Mar 2022 20:11:27 -0400 +Subject: CVE-2022-1115: heap based overflow with a specially crafted TIFF + image + +bug: https://github.com/ImageMagick/ImageMagick/issues/4974 +origin: https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51 +--- + coders/tiff.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index ac2771a..f545c4e 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1970,7 +1970,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + number_pixels=(MagickSizeType) columns*rows; + if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse) + ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); +- extent=MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff)); ++ extent=4*MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff)); + #if defined(TIFF_VERSION_BIG) + extent+=image->columns*sizeof(uint64); + #else diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0057-CVE-2023-1289-recursion-detection.patch imagemagick-6.9.11.60+dfsg/debian/patches/0057-CVE-2023-1289-recursion-detection.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0057-CVE-2023-1289-recursion-detection.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0057-CVE-2023-1289-recursion-detection.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,23 @@ +From: Cristy +Date: Mon, 6 Mar 2023 15:26:32 -0500 +Subject: CVE-2023-1289 recursion detection + +origin: https://github.com/ImageMagick/ImageMagick6/commit/706d381b7eb79927d328c96f7b7faab5dc109368 +bug: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr +bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-1289 +--- + magick/draw.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/magick/draw.c b/magick/draw.c +index 9e92193..7096628 100644 +--- a/magick/draw.c ++++ b/magick/draw.c +@@ -5444,6 +5444,7 @@ MagickExport MagickBooleanType DrawPrimitive(Image *image, + if (primitive_info->text == (char *) NULL) + break; + clone_info=AcquireImageInfo(); ++ clone_info->recursion_depth=draw_info->image_info->recursion_depth; + composite_images=(Image *) NULL; + if (LocaleNCompare(primitive_info->text,"data:",5) == 0) + composite_images=ReadInlineImage(clone_info,primitive_info->text, diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0058-CVE-2023-1906.patch imagemagick-6.9.11.60+dfsg/debian/patches/0058-CVE-2023-1906.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0058-CVE-2023-1906.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0058-CVE-2023-1906.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,50 @@ +From: Cristy +Date: Sat, 1 Apr 2023 07:32:01 -0400 +Subject: CVE-2023-1906 + +A heap-based buffer overflow issue was discovered in ImageMagick's +ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. +An attacker could pass specially crafted file to convert, triggering +an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. + +origin: https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d +--- + coders/tiff.c | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index f545c4e..9b06c24 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1870,7 +1870,8 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + /* + Convert stripped TIFF image. + */ +- extent=(samples_per_pixel+1)*TIFFStripSize(tiff); ++ extent=MagickMax(sizeof(uint32),(samples_per_pixel+extra_samples)* ++ (image->depth+7)/8)*image->columns*rows_per_strip; + #if defined(TIFF_VERSION_BIG) + extent+=image->columns*sizeof(uint64); + #else +@@ -1970,7 +1971,8 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + number_pixels=(MagickSizeType) columns*rows; + if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse) + ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); +- extent=4*MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff)); ++ extent=4*(samples_per_pixel+1)*MagickMax(rows*TIFFTileRowSize(tiff), ++ TIFFTileSize(tiff)); + #if defined(TIFF_VERSION_BIG) + extent+=image->columns*sizeof(uint64); + #else +@@ -2071,11 +2073,6 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + if (HeapOverflowSanityCheck(image->rows,sizeof(*pixels)) != MagickFalse) + ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); + number_pixels=(MagickSizeType) image->columns*image->rows; +-#if defined(TIFF_VERSION_BIG) +- number_pixels+=image->columns*sizeof(uint64); +-#else +- 
number_pixels+=image->columns*sizeof(uint32); +-#endif + generic_info=AcquireVirtualMemory(number_pixels,sizeof(*pixels)); + if (generic_info == (MemoryInfo *) NULL) + ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0059-1-2-Prepare-CVE-2023-34151-improved-range-checking.patch imagemagick-6.9.11.60+dfsg/debian/patches/0059-1-2-Prepare-CVE-2023-34151-improved-range-checking.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0059-1-2-Prepare-CVE-2023-34151-improved-range-checking.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0059-1-2-Prepare-CVE-2023-34151-improved-range-checking.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,39 @@ +From: Cristy +Date: Sat, 15 Apr 2023 09:44:37 -0400 +Subject: [1/2] Prepare CVE-2023-34151 :improved range checking + +--- + magick/image-private.h | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/magick/image-private.h b/magick/image-private.h +index e0d616d..09d718b 100644 +--- a/magick/image-private.h ++++ b/magick/image-private.h +@@ -61,6 +61,26 @@ static inline ssize_t CastDoubleToLong(const double value) + return((ssize_t) value); + } + ++static inline size_t CastDoubleToUnsigned(const double x) ++{ ++ if (IsNaN(x) != 0) ++ { ++ errno=ERANGE; ++ return(0); ++ } ++ if (floor(x) > ((double) MAGICK_SSIZE_MAX-1)) ++ { ++ errno=ERANGE; ++ return((size_t) MAGICK_SIZE_MAX); ++ } ++ if (ceil(x) < 0.0) ++ { ++ errno=ERANGE; ++ return(0); ++ } ++ return((size_t) x); ++} ++ + static inline double DegreesToRadians(const double degrees) + { + return((double) (MagickPI*degrees/180.0)); diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0060-2-2-Prepare-CVE-2023-34151-add-additional-checks-for.patch imagemagick-6.9.11.60+dfsg/debian/patches/0060-2-2-Prepare-CVE-2023-34151-add-additional-checks-for.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0060-2-2-Prepare-CVE-2023-34151-add-additional-checks-for.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0060-2-2-Prepare-CVE-2023-34151-add-additional-checks-for.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,23 @@ +From: Cristy +Date: Thu, 13 Apr 2023 11:42:11 -0400 +Subject: [2/2] Prepare CVE-2023-34151: add additional checks for casting + double to size_t + +--- + magick/image-private.h | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/magick/image-private.h b/magick/image-private.h +index 09d718b..b269f33 100644 +--- a/magick/image-private.h ++++ b/magick/image-private.h +@@ -41,6 +41,9 @@ extern "C" { + #define MagickSQ1_2 0.70710678118654752440084436210484903928483593768847 + #define MagickSQ2 1.41421356237309504880168872420969807856967187537695 + #define MagickSQ2PI 2.50662827463100024161235523934010416269302368164062 ++#define MAGICK_SIZE_MAX (SIZE_MAX) ++#define MAGICK_SSIZE_MAX (SSIZE_MAX) ++#define MAGICK_SSIZE_MIN (-(SSIZE_MAX)-1) + #define MatteColor "#bdbdbd" /* gray */ + #define PSDensityGeometry "72.0x72.0" + #define PSPageGeometry "612x792" diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0061-CVE-2023-34151-properly-cast-double-to-size_t.patch imagemagick-6.9.11.60+dfsg/debian/patches/0061-CVE-2023-34151-properly-cast-double-to-size_t.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0061-CVE-2023-34151-properly-cast-double-to-size_t.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0061-CVE-2023-34151-properly-cast-double-to-size_t.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,306 @@ +From: Cristy +Date: Wed, 17 May 2023 21:06:18 -0400 +Subject: CVE-2023-34151: properly cast double to size_t + +bug: https://github.com/ImageMagick/ImageMagick/issues/6341 +--- + coders/caption.c | 10 +++++----- + coders/label.c | 10 +++++----- + coders/pcl.c | 4 ++-- + coders/pdf.c | 4 ++-- + coders/ps.c | 4 ++-- + coders/ps2.c | 4 ++-- + coders/ps3.c | 4 ++-- + coders/svg.c | 4 ++-- + magick/annotate.c | 4 ++-- + magick/draw.c | 8 ++++---- + magick/geometry.c | 4 ++-- + magick/shear.c | 10 +++++----- + magick/visual-effects.c | 4 ++-- + 13 files changed, 37 insertions(+), 37 deletions(-) + +diff --git a/coders/caption.c b/coders/caption.c +index 73568fd..37a56f3 100644 +--- a/coders/caption.c ++++ b/coders/caption.c +@@ -154,7 +154,7 @@ static Image *ReadCAPTIONImage(const ImageInfo *image_info, + return(DestroyImageList(image)); + (void) SetImageProperty(image,"caption",caption); + draw_info=CloneDrawInfo(image_info,(DrawInfo *) NULL); +- width=(size_t) floor(draw_info->pointsize*strlen(caption)+0.5); ++ width=CastDoubleToUnsigned(draw_info->pointsize*strlen(caption)+0.5); + if (AcquireMagickResource(WidthResource,width) == MagickFalse) + { + caption=DestroyString(caption); +@@ -239,8 +239,8 @@ static Image *ReadCAPTIONImage(const ImageInfo *image_info, + status=GetMultilineTypeMetrics(image,draw_info,&metrics); + if (status == MagickFalse) + break; +- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5); +- height=(size_t) floor(metrics.height+draw_info->interline_spacing+ ++ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5); ++ height=CastDoubleToUnsigned(metrics.height+draw_info->interline_spacing+ + draw_info->stroke_width+0.5); + if ((image->columns != 0) && (image->rows != 0)) + { +@@ -267,8 +267,8 @@ static Image *ReadCAPTIONImage(const ImageInfo *image_info, + status=GetMultilineTypeMetrics(image,draw_info,&metrics); + if (status == MagickFalse) + break; +- width=(size_t) 
floor(metrics.width+draw_info->stroke_width+0.5); +- height=(size_t) floor(metrics.height+draw_info->interline_spacing+ ++ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5); ++ height=CastDoubleToUnsigned(metrics.height+draw_info->interline_spacing+ + draw_info->stroke_width+0.5); + if ((image->columns != 0) && (image->rows != 0)) + { +diff --git a/coders/label.c b/coders/label.c +index 81cba24..4ee719b 100644 +--- a/coders/label.c ++++ b/coders/label.c +@@ -135,7 +135,7 @@ static Image *ReadLABELImage(const ImageInfo *image_info, + return(DestroyImageList(image)); + (void) SetImageProperty(image,"label",label); + draw_info=CloneDrawInfo(image_info,(DrawInfo *) NULL); +- width=(size_t) floor(draw_info->pointsize*strlen(label)+0.5); ++ width=CastDoubleToUnsigned(draw_info->pointsize*strlen(label)+0.5); + if (AcquireMagickResource(WidthResource,width) == MagickFalse) + { + label=DestroyString(label); +@@ -174,8 +174,8 @@ static Image *ReadLABELImage(const ImageInfo *image_info, + status=GetMultilineTypeMetrics(image,draw_info,&metrics); + if (status == MagickFalse) + break; +- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5); +- height=(size_t) floor(metrics.height+draw_info->stroke_width+0.5); ++ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5); ++ height=CastDoubleToUnsigned(metrics.height+draw_info->stroke_width+0.5); + if ((image->columns != 0) && (image->rows != 0)) + { + if ((width >= image->columns) && (height >= image->rows)) +@@ -204,8 +204,8 @@ static Image *ReadLABELImage(const ImageInfo *image_info, + status=GetMultilineTypeMetrics(image,draw_info,&metrics); + if (status == MagickFalse) + break; +- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5); +- height=(size_t) floor(metrics.height+draw_info->stroke_width+0.5); ++ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5); ++ height=CastDoubleToUnsigned(metrics.height+draw_info->stroke_width+0.5); + if ((image->columns 
!= 0) && (image->rows != 0)) + { + if ((width < image->columns) && (height < image->rows)) +diff --git a/coders/pcl.c b/coders/pcl.c +index f1d9a7d..b109526 100644 +--- a/coders/pcl.c ++++ b/coders/pcl.c +@@ -333,9 +333,9 @@ static Image *ReadPCLImage(const ImageInfo *image_info,ExceptionInfo *exception) + image->x_resolution,image->y_resolution); + if (image_info->ping != MagickFalse) + (void) FormatLocaleString(density,MagickPathExtent,"2.0x2.0"); +- page.width=(size_t) floor((double) page.width*image->x_resolution/delta.x+ ++ page.width=CastDoubleToUnsigned((double) page.width*image->x_resolution/delta.x+ + 0.5); +- page.height=(size_t) floor((double) page.height*image->y_resolution/delta.y+ ++ page.height=CastDoubleToUnsigned((double) page.height*image->y_resolution/delta.y+ + 0.5); + (void) FormatLocaleString(options,MaxTextExtent,"-g%.20gx%.20g ",(double) + page.width,(double) page.height); +diff --git a/coders/pdf.c b/coders/pdf.c +index 4fd7fe3..25077d8 100644 +--- a/coders/pdf.c ++++ b/coders/pdf.c +@@ -1587,9 +1587,9 @@ static MagickBooleanType WritePDFImage(const ImageInfo *image_info,Image *image) + (void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y, + &geometry.width,&geometry.height); + scale.x=(double) (geometry.width*delta.x)/resolution.x; +- geometry.width=(size_t) floor(scale.x+0.5); ++ geometry.width=CastDoubleToUnsigned(scale.x+0.5); + scale.y=(double) (geometry.height*delta.y)/resolution.y; +- geometry.height=(size_t) floor(scale.y+0.5); ++ geometry.height=CastDoubleToUnsigned(scale.y+0.5); + (void) ParseAbsoluteGeometry(page_geometry,&media_info); + (void) ParseGravityGeometry(image,page_geometry,&page_info, + &image->exception); +diff --git a/coders/ps.c b/coders/ps.c +index b351eae..af81bbb 100644 +--- a/coders/ps.c ++++ b/coders/ps.c +@@ -1502,9 +1502,9 @@ static MagickBooleanType WritePSImage(const ImageInfo *image_info,Image *image) + (void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y, + 
&geometry.width,&geometry.height); + scale.x=PerceptibleReciprocal(resolution.x)*geometry.width*delta.x; +- geometry.width=(size_t) floor(scale.x+0.5); ++ geometry.width=CastDoubleToUnsigned(scale.x+0.5); + scale.y=PerceptibleReciprocal(resolution.y)*geometry.height*delta.y; +- geometry.height=(size_t) floor(scale.y+0.5); ++ geometry.height=CastDoubleToUnsigned(scale.y+0.5); + (void) ParseAbsoluteGeometry(page_geometry,&media_info); + (void) ParseGravityGeometry(image,page_geometry,&page_info, + &image->exception); +diff --git a/coders/ps2.c b/coders/ps2.c +index afc60ab..3e102dc 100644 +--- a/coders/ps2.c ++++ b/coders/ps2.c +@@ -533,9 +533,9 @@ static MagickBooleanType WritePS2Image(const ImageInfo *image_info,Image *image) + (void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y, + &geometry.width,&geometry.height); + scale.x=PerceptibleReciprocal(resolution.x)*geometry.width*delta.x; +- geometry.width=(size_t) floor(scale.x+0.5); ++ geometry.width=CastDoubleToUnsigned(scale.x+0.5); + scale.y=PerceptibleReciprocal(resolution.y)*geometry.height*delta.y; +- geometry.height=(size_t) floor(scale.y+0.5); ++ geometry.height=CastDoubleToUnsigned(scale.y+0.5); + (void) ParseAbsoluteGeometry(page_geometry,&media_info); + (void) ParseGravityGeometry(image,page_geometry,&page_info, + &image->exception); +diff --git a/coders/ps3.c b/coders/ps3.c +index 9a795ff..192a19d 100644 +--- a/coders/ps3.c ++++ b/coders/ps3.c +@@ -980,9 +980,9 @@ static MagickBooleanType WritePS3Image(const ImageInfo *image_info,Image *image) + (void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y, + &geometry.width,&geometry.height); + scale.x=PerceptibleReciprocal(resolution.x)*geometry.width*delta.x; +- geometry.width=(size_t) floor(scale.x+0.5); ++ geometry.width=CastDoubleToUnsigned(scale.x+0.5); + scale.y=PerceptibleReciprocal(resolution.y)*geometry.height*delta.y; +- geometry.height=(size_t) floor(scale.y+0.5); ++ geometry.height=CastDoubleToUnsigned(scale.y+0.5); + (void) 
ParseAbsoluteGeometry(page_geometry,&media_info); + (void) ParseGravityGeometry(image,page_geometry,&page_info, + &image->exception); +diff --git a/coders/svg.c b/coders/svg.c +index 0b3364b..912c714f 100644 +--- a/coders/svg.c ++++ b/coders/svg.c +@@ -2519,10 +2519,10 @@ static void SVGStartElement(void *context,const xmlChar *name, + svg_info->view_box=svg_info->bounds; + svg_info->width=0; + if (svg_info->bounds.width > 0.0) +- svg_info->width=(size_t) floor(svg_info->bounds.width+0.5); ++ svg_info->width=CastDoubleToUnsigned(svg_info->bounds.width+0.5); + svg_info->height=0; + if (svg_info->bounds.height > 0.0) +- svg_info->height=(size_t) floor(svg_info->bounds.height+0.5); ++ svg_info->height=CastDoubleToUnsigned(svg_info->bounds.height+0.5); + (void) FormatLocaleFile(svg_info->file,"viewbox 0 0 %.20g %.20g\n", + (double) svg_info->width,(double) svg_info->height); + sx=PerceptibleReciprocal(svg_info->view_box.width)*svg_info->width; +diff --git a/magick/annotate.c b/magick/annotate.c +index 20fbf7b..874fb8b 100644 +--- a/magick/annotate.c ++++ b/magick/annotate.c +@@ -325,7 +325,7 @@ MagickExport MagickBooleanType AnnotateImage(Image *image, + (void) CloneString(&annotate->text,textlist[i]); + if ((metrics.width == 0) || (annotate->gravity != NorthWestGravity)) + (void) GetTypeMetrics(image,annotate,&metrics); +- height=(size_t) floor(metrics.ascent-metrics.descent+0.5); ++ height=CastDoubleToUnsigned(metrics.ascent-metrics.descent+0.5); + if (height == 0) + height=draw_info->pointsize; + height+=(size_t) floor(draw_info->interline_spacing+0.5); +@@ -610,7 +610,7 @@ MagickExport ssize_t FormatMagickCaption(Image *image,DrawInfo *draw_info, + status=GetTypeMetrics(image,draw_info,metrics); + if (status == MagickFalse) + break; +- width=(size_t) floor(metrics->width+draw_info->stroke_width+0.5); ++ width=CastDoubleToUnsigned(metrics->width+draw_info->stroke_width+0.5); + if (width <= image->columns) + continue; + if (s != (char *) NULL) +diff --git 
a/magick/draw.c b/magick/draw.c +index 7096628..212564f 100644 +--- a/magick/draw.c ++++ b/magick/draw.c +@@ -3447,14 +3447,14 @@ static MagickBooleanType RenderMVGContent(Image *image, + (void) GetNextToken(q,&q,extent,token); + if (*token == ',') + (void) GetNextToken(q,&q,extent,token); +- bounds.width=(size_t) floor(GetDrawValue(token,&next_token)+ ++ bounds.width=CastDoubleToUnsigned(GetDrawValue(token,&next_token)+ + 0.5); + if (token == next_token) + ThrowPointExpectedException(image,token); + (void) GetNextToken(q,&q,extent,token); + if (*token == ',') + (void) GetNextToken(q,&q,extent,token); +- bounds.height=(size_t) floor(GetDrawValue(token,&next_token)+ ++ bounds.height=CastDoubleToUnsigned(GetDrawValue(token,&next_token)+ + 0.5); + if (token == next_token) + ThrowPointExpectedException(image,token); +@@ -3859,14 +3859,14 @@ static MagickBooleanType RenderMVGContent(Image *image, + (void) GetNextToken(q,&q,extent,token); + if (*token == ',') + (void) GetNextToken(q,&q,extent,token); +- graphic_context[n]->viewbox.width=(size_t) floor(GetDrawValue( ++ graphic_context[n]->viewbox.width=CastDoubleToUnsigned(GetDrawValue( + token,&next_token)+0.5); + if (token == next_token) + ThrowPointExpectedException(image,token); + (void) GetNextToken(q,&q,extent,token); + if (*token == ',') + (void) GetNextToken(q,&q,extent,token); +- graphic_context[n]->viewbox.height=(size_t) floor(GetDrawValue( ++ graphic_context[n]->viewbox.height=CastDoubleToUnsigned(GetDrawValue( + token,&next_token)+0.5); + if (token == next_token) + ThrowPointExpectedException(image,token); +diff --git a/magick/geometry.c b/magick/geometry.c +index 5290abe..1d6ef77 100644 +--- a/magick/geometry.c ++++ b/magick/geometry.c +@@ -1411,8 +1411,8 @@ MagickExport MagickStatusType ParseMetaGeometry(const char *geometry,ssize_t *x, + scale.y=geometry_info.sigma; + if ((flags & SigmaValue) == 0) + scale.y=scale.x; +- *width=(size_t) floor(scale.x*former_width/100.0+0.5); +- *height=(size_t) 
floor(scale.y*former_height/100.0+0.5); ++ *width=CastDoubleToUnsigned(scale.x*former_width/100.0+0.5); ++ *height=CastDoubleToUnsigned(scale.y*former_height/100.0+0.5); + former_width=(*width); + former_height=(*height); + } +diff --git a/magick/shear.c b/magick/shear.c +index 731db09..26b0405 100644 +--- a/magick/shear.c ++++ b/magick/shear.c +@@ -166,8 +166,8 @@ static MagickBooleanType CropToFitImage(Image **image, + } + geometry.x=CastDoubleToLong(ceil(min.x-0.5)); + geometry.y=CastDoubleToLong(ceil(min.y-0.5)); +- geometry.width=(size_t) floor(max.x-min.x+0.5); +- geometry.height=(size_t) floor(max.y-min.y+0.5); ++ geometry.width=CastDoubleToUnsigned(max.x-min.x+0.5); ++ geometry.height=CastDoubleToUnsigned(max.y-min.y+0.5); + page=(*image)->page; + (void) ParseAbsoluteGeometry("0x0+0+0",&(*image)->page); + crop_image=CropImage(*image,&geometry,exception); +@@ -1787,9 +1787,9 @@ MagickExport Image *ShearRotateImage(const Image *image,const double degrees, + */ + width=integral_image->columns; + height=integral_image->rows; +- bounds.width=(size_t) floor(fabs((double) height*shear.x)+width+0.5); +- bounds.height=(size_t) floor(fabs((double) bounds.width*shear.y)+height+0.5); +- shear_width=(size_t) floor(fabs((double) bounds.height*shear.x)+ ++ bounds.width=CastDoubleToUnsigned(fabs((double) height*shear.x)+width+0.5); ++ bounds.height=CastDoubleToUnsigned(fabs((double) bounds.width*shear.y)+height+0.5); ++ shear_width=CastDoubleToUnsigned(fabs((double) bounds.height*shear.x)+ + bounds.width+0.5); + bounds.x=CastDoubleToLong(floor((double) ((shear_width > bounds.width) ? 
+ width : bounds.width-shear_width+2)/2.0+0.5)); +diff --git a/magick/visual-effects.c b/magick/visual-effects.c +index 87fd0b0..b263978 100644 +--- a/magick/visual-effects.c ++++ b/magick/visual-effects.c +@@ -2052,8 +2052,8 @@ MagickExport Image *ShadowImage(const Image *image,const double opacity, + (void) SetImageColorspace(clone_image,sRGBColorspace); + (void) SetImageVirtualPixelMethod(clone_image,EdgeVirtualPixelMethod); + clone_image->compose=OverCompositeOp; +- border_info.width=(size_t) floor(2.0*sigma+0.5); +- border_info.height=(size_t) floor(2.0*sigma+0.5); ++ border_info.width=CastDoubleToUnsigned(2.0*sigma+0.5); ++ border_info.height=CastDoubleToUnsigned(2.0*sigma+0.5); + border_info.x=0; + border_info.y=0; + (void) QueryColorDatabase("none",&clone_image->border_color,exception); diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0062-heap-buffer-overflow-in-ImageMagick-7.1.1-12-contrib.patch imagemagick-6.9.11.60+dfsg/debian/patches/0062-heap-buffer-overflow-in-ImageMagick-7.1.1-12-contrib.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0062-heap-buffer-overflow-in-ImageMagick-7.1.1-12-contrib.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0062-heap-buffer-overflow-in-ImageMagick-7.1.1-12-contrib.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,25 @@ +From: Cristy +Date: Mon, 26 Jun 2023 19:39:43 -0400 +Subject: heap-buffer-overflow in ImageMagick <= 7.1.1-12, + contributed by Hardik shah of Vehere (Dawn Treaders team) + +origin: https://github.com/ImageMagick/ImageMagick6/commit/0d00400727170b0540a355a1bc52787bc7bcdea5 + +This fix CVE-2023-3428 +--- + coders/tiff.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index 9b06c24..12bea21 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1971,7 +1971,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + number_pixels=(MagickSizeType) columns*rows; + if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse) + ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); +- extent=4*(samples_per_pixel+1)*MagickMax(rows*TIFFTileRowSize(tiff), ++ extent=4*(samples_per_pixel+1)*MagickMax((rows+1)*TIFFTileRowSize(tiff), + TIFFTileSize(tiff)); + #if defined(TIFF_VERSION_BIG) + extent+=image->columns*sizeof(uint64); diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0063-Added-check-for-invalid-size.patch imagemagick-6.9.11.60+dfsg/debian/patches/0063-Added-check-for-invalid-size.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0063-Added-check-for-invalid-size.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0063-Added-check-for-invalid-size.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,32 @@ +From: Dirk Lemstra +Date: Tue, 30 Nov 2021 20:19:09 +0100 +Subject: Added check for invalid size. + +origin: https://github.com/ImageMagick/ImageMagick6/commit/94f76dd2f760241bec51e7d66873e77a58d812ba.patch +--- + coders/bmp.c | 10 ++-------- + 1 file changed, 2 insertions(+), 8 deletions(-) + +diff --git a/coders/bmp.c b/coders/bmp.c +index 8b7b2a2..c5ccb70 100644 +--- a/coders/bmp.c ++++ b/coders/bmp.c +@@ -624,16 +624,10 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + bmp_info.file_size=ReadBlobLSBLong(image); + (void) ReadBlobLSBLong(image); +- +- if (image->debug != MagickFalse) +- (void) LogMagickEvent(CoderEvent,GetMagickModule(), +- " File_size in header: %u bytes",bmp_info.file_size); +- + bmp_info.offset_bits=ReadBlobLSBLong(image); + bmp_info.size=ReadBlobLSBLong(image); +- if (image->debug != MagickFalse) +- (void) LogMagickEvent(CoderEvent,GetMagickModule()," BMP size: %u", +- bmp_info.size); ++ if (bmp_info.size > 124) ++ ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + profile_data=0; + profile_size=0; + if (bmp_info.size == 12) diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0064-improve-BMP-error-checking.patch imagemagick-6.9.11.60+dfsg/debian/patches/0064-improve-BMP-error-checking.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0064-improve-BMP-error-checking.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0064-improve-BMP-error-checking.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,111 @@ +From: Cristy +Date: Wed, 18 Jan 2023 07:22:53 -0500 +Subject: improve BMP error checking + +bug; https://github.com/ImageMagick/ImageMagick/issues/5980 +--- + coders/bmp.c | 28 ++++++++++++++-------------- + 1 file changed, 14 insertions(+), 14 deletions(-) + +diff --git a/coders/bmp.c b/coders/bmp.c +index c5ccb70..4a3bff7 100644 +--- a/coders/bmp.c ++++ b/coders/bmp.c +@@ -233,7 +233,7 @@ static MagickBooleanType DecodeImage(Image *image,const size_t compression, + MagickBooleanType + status; + +- if ((p < pixels) || (p > q)) ++ if ((p < pixels) || (p >= q)) + break; + count=ReadBlobByte(image); + if (count == EOF) +@@ -269,7 +269,7 @@ static MagickBooleanType DecodeImage(Image *image,const size_t compression, + if (count == EOF) + break; + if (count == 0x01) +- return(MagickTrue); ++ break; + switch (count) + { + case 0x00: +@@ -298,6 +298,8 @@ static MagickBooleanType DecodeImage(Image *image,const size_t compression, + Absolute mode. + */ + count=(int) MagickMin((ssize_t) count,(ssize_t) (q-p)); ++ if (count < 0) ++ break; + if (compression == BI_RLE8) + for (i=0; i < (ssize_t) count; i++) + { +@@ -318,6 +320,8 @@ static MagickBooleanType DecodeImage(Image *image,const size_t compression, + *p++=(unsigned char) + ((i & 0x01) != 0 ? (byte & 0x0f) : ((byte >> 4) & 0x0f)); + } ++ if (byte == EOF) ++ break; + x+=count; + /* + Read pad byte. +@@ -343,7 +347,7 @@ static MagickBooleanType DecodeImage(Image *image,const size_t compression, + } + (void) ReadBlobByte(image); /* end of line */ + (void) ReadBlobByte(image); +- return(y < (ssize_t) image->rows ? MagickFalse : MagickTrue); ++ return((q-pixels) < (ssize_t) number_pixels ? 
MagickFalse : MagickTrue); + } + + /* +@@ -517,7 +521,8 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception) + *image; + + IndexPacket +- index; ++ index, ++ *indexes; + + MagickBooleanType + status; +@@ -534,19 +539,9 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception) + MemoryInfo + *pixel_info; + +- IndexPacket +- *indexes; +- + PixelPacket + *q; + +- ssize_t +- i, +- x; +- +- unsigned char +- *p; +- + size_t + bit, + bytes_per_line, +@@ -554,10 +549,13 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception) + + ssize_t + count, ++ i, ++ x, + y; + + unsigned char + magick[12], ++ *p, + *pixels; + + unsigned int +@@ -628,6 +626,8 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception) + bmp_info.size=ReadBlobLSBLong(image); + if (bmp_info.size > 124) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); ++ if (bmp_info.offset_bits < bmp_info.size) ++ ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + profile_data=0; + profile_size=0; + if (bmp_info.size == 12) diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0065-CVE-2023-5341.patch imagemagick-6.9.11.60+dfsg/debian/patches/0065-CVE-2023-5341.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0065-CVE-2023-5341.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0065-CVE-2023-5341.patch 2024-02-17 15:30:20.000000000 +0000 
@@ -0,0 +1,23 @@ +From: Cristy +Date: Sun, 24 Sep 2023 07:29:21 -0400 +Subject: CVE-2023-5341 + +origin: https://github.com/ImageMagick/ImageMagick6/commit/405684654eb9b43424c3c0276ea343681021d9e0 +--- + coders/bmp.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/coders/bmp.c b/coders/bmp.c +index 4a3bff7..b837b28 100644 +--- a/coders/bmp.c ++++ b/coders/bmp.c +@@ -626,6 +626,9 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception) + bmp_info.size=ReadBlobLSBLong(image); + if (bmp_info.size > 124) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); ++ if ((bmp_info.file_size != 0) && ++ ((MagickSizeType) bmp_info.file_size > GetBlobSize(image))) ++ ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + if (bmp_info.offset_bits < bmp_info.size) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + profile_data=0; diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/series imagemagick-6.9.11.60+dfsg/debian/patches/series --- imagemagick-6.9.11.60+dfsg/debian/patches/series 2023-12-29 11:12:17.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/series 2024-02-17 15:30:20.000000000 +0000 
@@ -40,3 +40,28 @@ 0040-CVE-2022-32545-undefined-behavior-value-outside-char.patch 0041-CVE-2022-32546-outside-the-range-of-representable-va.patch 0042-Fix-CVE-2022-32547-unaligned-access-in-property.patch +0043-1-2-CVE-2021-3610-eliminate-heap-buffer-overflow-vul.patch +0044-2-2-CVE-2021-3610-eliminate-heap-buffer-overflow-vul.patch +0045-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch +0046-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch +0047-heap-based-buffer-overflow-in-TIFF-coder-alert-from-.patch +0048-Fix-a-non-initialized-value-passed-to-TIFFGetField.patch +0049-initialize-buffer-before-calling-TIFFGetField.patch +0050-Fix-stack-overflow-when-parsing-malicious-tiff-image.patch +0051-early-exit-on-exception.patch +0052-Fix-buffer-overrun-in-TIFF-coder.patch +0053-Fix-buffer-overrun-in-TIFF-coder.patch +0054-Fix-buffer-overrun-in-TIFF-coder.patch +0055-Fix-unintialised-value.patch +0056-Raise-exception-when-image-could-not-be-read-but-no-.patch +0057-CVE-2022-1115-heap-based-overflow-with-a-specially-c.patch +0056-CVE-2023-1289-recursion-detection-framework.patch +0057-CVE-2023-1289-recursion-detection.patch +0058-CVE-2023-1906.patch +0059-1-2-Prepare-CVE-2023-34151-improved-range-checking.patch +0060-2-2-Prepare-CVE-2023-34151-add-additional-checks-for.patch +0061-CVE-2023-34151-properly-cast-double-to-size_t.patch +0062-heap-buffer-overflow-in-ImageMagick-7.1.1-12-contrib.patch +0063-Added-check-for-invalid-size.patch +0064-improve-BMP-error-checking.patch +0065-CVE-2023-5341.patch
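Review bot: in 0061-CVE-2023-34151, the magick/shear.c hunk for ShearRotateImage chains the converted values (bounds.width feeds bounds.height, which feeds shear_width), so if CastDoubleToUnsigned clamps an out-of-range double, the later sums are built on a clamped value and nothing in the visible lines rejects it. The helper's definition is not part of these hunks, and every call site drops the explicit floor() while keeping the +0.5, so the result only matches the old rounding if the helper itself floors; it also has to give a defined result for NaN and negative input (max.x-min.x+0.5 in CropToFitImage can be negative). Suggest stating that contract in the patch description and adding an explicit upper-bound check on bounds.width and bounds.height in ShearRotateImage before they are used further.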
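Review bot: in 0062 (coders/tiff.c, ReadTIFFImage), the only overflow guard in view is HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)), which does not cover the product the patch changes: 4*(samples_per_pixel+1)*(rows+1)*TIFFTileRowSize(tiff) can still wrap before it is assigned to extent. Suggest checking that multiplication explicitly (or running the sanity check on rows+1 against the tile row size) and adding a comment on why one extra row is needed, since the bare +1 gives a later reader no way to tell whether it is a deliberate margin or an off-by-one correction.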
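Review bot: in 0063 (coders/bmp.c, ReadBMPImage), the new test "if (bmp_info.size > 124)" uses an unexplained constant and only bounds the header size from above. 124 is the size of BITMAPV5HEADER, the largest defined BMP info header; a named constant or a one-line comment would make that clear. The visible lines go straight on to "if (bmp_info.size == 12)", so it is worth confirming that values below 12, or between the known header sizes, are rejected further down. The hunk also removes two LogMagickEvent debug calls that the subject line does not mention; either keep them or note the removal in the description.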
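Review bot: in 0064 (coders/bmp.c, DecodeImage, hunk at -343), the new return expression "(q-pixels) < (ssize_t) number_pixels" looks constant. The loop guard in the first hunk, "(p >= q)", and the absolute-mode clamp to "(q-p)" both treat q as the fixed end of the pixel buffer, in which case q-pixels never changes and the function can no longer return MagickFalse for a short decode. Because the -269 hunk turns the end-of-bitmap case from return(MagickTrue) into break, this expression is now the only place truncation could be reported. Confirm how q is initialised and, if it is the buffer end, compare the write cursor instead, for example "(p-pixels) < (ssize_t) number_pixels".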
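Review bot: in 0064 (coders/bmp.c, DecodeImage, hunk at -320), "if (byte == EOF) break;" runs only after the absolute-mode loops have finished, so a short read in the middle of a run is noticed after all count iterations have already stored values derived from it into *p++. The stores stay inside the buffer because count is clamped to q-p in the -298 hunk, but the decoded row then contains filler data, and when count is 0 the test looks at whatever byte held from an earlier iteration. Suggest testing for EOF inside each loop right after the read and leaving the loop there.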
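Review bot: in 0064 (coders/bmp.c, ReadBMPImage, hunks at -517, -534 and -549), the declarations of indexes, i, x and p are only moved between blocks, with no functional change. In a security backport this makes the diff harder to audit and more likely to conflict with neighbouring patches; if the reshuffle is kept to stay byte-identical with upstream, say so in the patch header.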
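Review bot: in 0064 (coders/bmp.c, ReadBMPImage, hunk at -628), "if (bmp_info.offset_bits < bmp_info.size)" is weaker than the format allows. offset_bits is counted from the start of the file, and the info header whose length is bmp_info.size starts after the 14-byte file header (the magic, file_size, reserved and offset_bits fields read just above), so pixel data cannot legitimately start before size+14. Suggest comparing against bmp_info.size+14 and also rejecting an offset_bits that lies beyond the blob.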
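Review bot: in 0065-CVE-2023-5341 (coders/bmp.c, ReadBMPImage), the new comparison of bmp_info.file_size with GetBlobSize(image) is skipped whenever the header declares file_size as 0, so on its own it does not bound anything derived from offset_bits. Suggest validating offset_bits against GetBlobSize(image) in the same place, where it cannot be opted out of by a zero field, and confirming what GetBlobSize returns for input that is not a regular file so that valid images read from a pipe are not rejected. The patch header carries only the CVE id as its subject; a Description line saying what the check prevents would help whoever has to rebase this.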
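Review bot: in debian/patches/series, the prefixes 0056 and 0057 are each used twice: 0056-Raise-exception-when-image-could-not-be-read-but-no-.patch and 0057-CVE-2022-1115-heap-based-overflow-with-a-specially-c.patch are followed by 0056-CVE-2023-1289-recursion-detection-framework.patch and 0057-CVE-2023-1289-recursion-detection.patch. Patches are applied in series order, so the build is unaffected, but the numbers no longer identify a patch uniquely and a directory listing sorts them differently from the order they are applied in. Suggest renumbering the CVE-2023-1289 pair and the patches after it so the prefixes are unique and increasing.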