Dev news

Commit 21525d8f2 for imagemagick.org

commit 21525d8f27b86e8063fe359616086fd6b71eb05b
Author: Dirk Lemstra <dirk@lemstra.org>
Date:   Sun Feb 8 14:15:46 2026 +0100

    Fixed out of bound read with negative pixel index (GHSA-vpxv-r9pg-7gpr)

diff --git a/coders/xpm.c b/coders/xpm.c
index 83db713b0..e9b8dd167 100644
--- a/coders/xpm.c
+++ b/coders/xpm.c
@@ -1134,10 +1134,14 @@ static MagickBooleanType WriteXPMImage(const ImageInfo *image_info,Image *image,
     for (x=0; x < (ssize_t) image->columns; x++)
     {
       k=((ssize_t) GetPixelIndex(image,p) % MaxCixels);
+      if (k < 0)
+        k=0;
       symbol[0]=Cixel[k];
       for (j=1; j < (ssize_t) characters_per_pixel; j++)
       {
         k=(((int) GetPixelIndex(image,p)-k)/MaxCixels) % MaxCixels;
+        if (k < 0)
+          k=0;
         symbol[j]=Cixel[k];
       }
       symbol[j]='\0';