Download Latest Version GraphicsMagick-1.3.47.tar.xz (6.1 MB)
Email in envelope

Get an email when there's a new version of GraphicsMagick

Home
Name Modified Size InfoDownloads / Week
graphicsmagick-snapshots 2026-06-12
8 8 weekly downloads
graphicsmagick 2026-05-13
3,349 3,349 weekly downloads
graphicsmagick-binaries 2025-10-29
388 388 weekly downloads
graphicsmagick-history 2023-08-12
199 199 weekly downloads
OldFiles 2012-06-23
3 3 weekly downloads
README.rst 2026-05-13 20.4 kB
5 5 weekly downloads
Totals: 6 Items   20.4 kB 3,952

GraphicsMagick News

This file was last updated to reflect changes up to May 13, 2026.

Please note that this file records news for the associated development branch and that each development branch has its own NEWS file. See the ChangeLog file, and/or the Mercurial changesets, for full details.

Due to significant issues being discovered and addressed for almost every release, it is recommended to update to the most current release and not attempt to patch older releases.

1.3.47 (May 13, 2026)

Special Issues:

  • GraphicsMagick needs some additional productive volunteers. For several years now, the burden has entirely been on me (Bob Friesenhahn). I have been sheparding the project for 24 years already (and contributed to ImageMagick and GraphicsMagick combined for 30 years already). Volunteers are needed to add/improve new/existing file format support, and to assure correct operation on all targets.

Security Fixes:

  • DPX: Fix subsampling validation logic which was failing due to incorrect logic. This avoids a divide by zero possibility.
  • JNG writer: Properly handle and report the case where ImageToBlob()returns NULL.
  • MNG writer: Enforce that MNG only supports a color palette up to 256 colors (ImageMagick CVE-2026-28690).
  • MagickXImageWindowCommand(): Assure that static buffer does not overflow if the user keeps a numeric key depressed (ImageMagick CVE-2026-33535).
  • PCD: Prevent an out of bounds read (ImageMagick security advisory GHSA-wrhr-rf8j-r842).
  • PNG writer: Detect and report an excessively large profile, an other unexpected conditions (ImageMagick CVE-2026-30883).
  • RenderFreetype(): Use MagickConfirmAccess() to verify that font file name is allowed to be read.
  • TIFF EXIF IFD writer: Detect and prevent infinite looping (EXIF IFD writer code may be excluded by the -DEXPERIMENTAL_EXIF_TAGS=0 define).
  • TIFF EXIF IFD writer: Only transfer tags from EXIF and GPS IFDs. Do not transfer tags from the main IFDs.
  • YUV: Fix validation of 'sampling-factor' argument. (ImageMagick CVE-2026-25799). Given that the argument normally comes from a user (rather than an input file) this seems to be a minor security issue at most.
  • PS, PS2, PS3: Enforce that width and height dimensions, and total pixels, to/from Ghostscript are within the same limits as specified for GraphicsMagick. This helps avoid Ghostscript-based denial of service opportunities.
  • SVG: Add validations for element id syntax. Reject invalid attribute values which contain single quotes.
  • XCF: Report an error if there are no layers. Fix two unsigned integer overflow cases.
  • DescribeImage(): Avoid heap write overflow while parsing the image directory.

Bug fixes:

  • ColorFloodfillImage(): Disable OpenMP since it was observed to create corrupt images.
  • DCM/DICOM: Fix bit shift for 16-bit short, which corrupted results for some images.
  • DrawImage(): Fix memory leak which might occur under severe conditions.
  • Magick++: Use HAVE_PTHREAD to enable thread-safe code. This bug has been present since 2003!
  • Magick++: If monochrome is disabled, then clear the image is_monochrome flag if it is set.
  • Magick++: No longer throw a C++ exception from the MutexLock destructor.
  • JP2: Fix a bug which caused lossless compression to not be engaged by '-define jp2:rate=1.0'.
  • JPEG: Allow writing CMYK JPEG without specifically requesting it (SourceForge issue #768). This fixes a regression introduced in the last release.
  • JPEG: For components == 1 (gray), fix reading PseudoClass images.
  • ModuleAliases: Added a mapping from magick "MPRI" to module "MPR". This missing mapping caused the "MPRI" coder to not work for non-module builds. As a result, the 'mogrify' "hald-clut", "map", "mask", and "tile" subcommands were not working. Any use of "MPRI:N" syntax to save an image for later (from the command-line or via the APIs) would have failed.
  • HEIF: Check the return status of heif_image_handle_get_preferred_decoding_colorspace() in order to avoid consuming uninitialized memory. While this might appear to be a security issue, it appears to be reasonably benign.
  • Apple PICT: Since the implementation originating from ImageMagick, the rowBytes transition from from byte to short while reading byteCount was 200. However, it should have been 250! See "https://github.com/ImageMagick/ImageMagick/issues/7837" for details. The reader and writer have been changed to use 250. This means that PICT files written by the fixed GraphicsMagick will not be readable by older GraphicsMagick versions (but the fixed GraphicsMagick can read older existing files).
  • PNM: Improve ASCII formats error checking.
  • HEIF (HEIC, AVIF, etc.): The identify command was very slow with HEIF, although it always reported accurate information. Now identify is fast but may return wrong results if the image is rotated. Use '-define heif:ignore-transformations=false' to assure that the values returned are accurate.
  • TIFF: Be more pessimistic about claims from libtiff and require that it produce a scanline, strip, or tile, before allocating pixels from the pixel cache. This helps prevent small files from using excessive resources.
  • Rendering (-draw/MVG): use the resource-limited memory allocator to provide more resource limit control (for primitive info and graphic contexts).
  • GIF: Store image comment in first image frame rather than the last frame.
  • Add missing prototypes for some functions and declare some functions as 'static' which were accidentally left visible.
  • PerlMagick: PerlMagick is now "const correct" and data which could be const is now declared as such.
  • MAT: Fix memory leaks.
  • XPM/PICON: Verify that the expected number of pixels were transferred to the image.
  • SetImageType(): Assure that callers of SetImageType() do check for its failure, and return appropriate status.

API Updates:

  • Wand API: Added the MagickSetBackgroundColor() function to support setting the default background color.
  • Drawing API: DrawNewContext(), is a new function to allocate an empty drawing context.
  • Wand API: The wand/drawing_wand.c functions which duplicate code in magick/draw.c are gutted and replaced with calls into magick/draw.c.
  • Magick++: Add access confirmation functions and enumerations to Magick namespace so that file/URL access confirmation functions may be used. A sample implementation is included in the 'zoom' demo program.

New Features:

  • PNM: Support reading PBM raw (P1), PGM raw (P2), and PPM raw (P3) files which lack a newline character at the end of the last line.
  • HEIF (HEIC, AVCI, AVIF, MP4, etc.): Memory limits and many more libheif resource limits are now applied/available. Support reading multiple image frames. Support arbitrary image depths up to 16 bits. Deduce file type by consulting libheif. Support reading HEIF image from an in-memory BLOB, or memory mapped file.
  • HEIF (HEIC, AVCI, AVIF, MP4, etc.): Support both RGB interleaved and planar decode modes at once. Use the heif:interleaved-rgb-decode=yes/no define to select which mode is used.
  • HEIF (HEIC, AVCI, AVIF, MP4, etc.): Add support for -define heif:tile-threads=number to specify how many tiles may be decoded at once.
  • The 'convert' and 'mogrify' subcommands now support -remap, which is equivalent to -map. This is to improve compatibility with ImageMagick, which changed from -map to -remap some time after the GraphicsMagick fork in 2022.
  • Command arguments which currently accept "Opacity" now accept "Alpha" as a synonym. This is to improve compatibility with ImageMagick
  • Command arguments which currently accept "CopyOpacity" now accept "CopyAlpha" as a synonym. This is to improve compatibility with ImageMagick.
  • Resource Limited Memory: Added module, function, and line parameters for the purpose of tracing, and to capture the source location where the allocation was made.
  • Resource limit for number of simultaneous images: Add an 'ImagesResource' limit and '-limit images' to place a limit on discrete raster images which may be loaded into the program simultaneously. The resource which is limited is the number of Image pixel cache stores with allocated pixels rather than reference-counted "Image" handles.
  • WBMP: Support alternate file extensions "WBM" and "WBP".
  • OSS-Fuzz: The oss-fuzz build script is completely re-written and supports building almost all of the available library dependencies.
  • TIFF: Added support for LERC compression in TIFF reader and writer, as welll as update Magick++, PerlMagick, and TclMagick to be able to access it.

Behavior Changes:

  • Apple PICT: Older GraphicsMagick will be unable to read the PICT files that newer versions write, but newer GraphicsMagick can still read files which were written by ImageMagick or GraphicsMagick in the broken format.
  • C API: MagickRealloc() now behaves like standard realloc() and the MagickReallocMemory() macro takes responsibility for freeing the original memory upon a reallocation failure.
  • Rendering (-draw/MVG): The default image canvas color is now the background color (default white), which may be transparent. Previously, the image was always set to opaque.

General Implementation Improvements:

  • FormatString(): Deprecate FormatString(), and replace all usages with MagickFormatString(), or a suitable equivalent. Code previously depended on many string buffers being allocated with size 'MaxTextExtent' to avoid buffer overflow. The updates result in MagickFormatString() being passed the actual underlying buffer size in most cases (except for when the API design prevents it). This allows underlying buffer sizes to be optimially-sized, but that has not been done yet.

Build Changes:

  • It is now supported to build the C code using C++.
  • PerlMagick can be built with C++.
  • The native Windows build using the configure script, (e.g. MinGW, MSYS2) now searches for 'gswin64c.exe' rather than 'gswin32c.exe'.

Windows Delegate Updates/Additions:

  • Installer: Do not attempt to execute vcredist_x64.exe.
  • Libtiff: Libtiff is updated to version 4.7.1.

Other News:

  • A used laptop running Windows 11 has been contributed to the project. Thank you very much for the contribution!

1.3.46 (October 29, 2025)

Special Issues:

  • GraphicsMagick needs some additional productive volunteers. For several years now, the burden has entirely been on me (Bob Friesenhahn). I have been sheparding the project for 23 years already (and contributed to ImageMagick and GraphicsMagick combined for 29 years already). Volunteers are needed to add/improve new/existing file format support, and to assure correct operation on all targets. Donations are requested in order to purchase a new computer to run Windows 11.

Security Fixes:

  • MSL: Use libxml2's SAX handlers for the MVG XML-based scripting implementation. This removes a lot of archaic cruft which might suffer from security issues.
  • JP2: Fix Jasper max_samples calculation to avoid DOS due to huge image dimensions.
  • JXL: Apply image dimension resource limits. Fix heap buffer write overflow while reading image.
  • SVG: Use libxml2's SAX handlers for the SVG renderer. This removes a lot of archaic cruft which might suffer from security issues.
  • WPG: Assure that the palette buffer is allocated and the current size (SourceForge bug #750).
  • ColorFloodfillImage(): For floodfill, return an error if a clip-mask is present. The problem is that the algorithm may not converge if a clip-mask is present.
  • ThumbnailImage(): Prevent a divide by zero crash.

Bug fixes:

  • BMP: Assure that the opacity channel is initialized, even if the image is indicated to be opaque. This avoids issues with code which assumes that the opacity channel is always initialized.
  • BRAILLE: Eliminate a Clang scan-build gripe regarding access off the end of an array.
  • JPEG: Since GraphicsMagick 1.3.43, CMYK JPEG has been writing inverted. This bug is now fixed.
  • JPEG: Enforce that JPEG is written as RGB unless a different colorspace was specified.
  • PNG8: It is decided that PNG8 does indeed mean indexed-color with 8-bit sample depth and only binary transparency is supported. With this objective, the PNG8 writer is re-implemented, including attempting to produce reasonable output when the original image can not be represented completely due to too many colors, or complex opacity. There is still much work to be done to produce optimum output given complex/messy images.
  • MNG: Validate that Validate that MNG width or height is non-zero.
  • TclMagick: The TclMagick build uses the latest TEA tcl.m4 macros, while modernizing the Automake and Autoconf files. Many defects in the C code are corrected. The libttkcommon "shim" library, previously used to allow TkMagick to work, is completely eliminated. The names of installed shared objects now match the names generated by the TEA tcl.m4 module. The TclMagick tests are integrated into the build via 'make check' and 'make test'. Even 'make distcheck' works now.
  • HEIF: Only apply Exif orientation if ignore-transformations is true since HEIF native transformations will handle orientation otherwise.
  • HEIF: Use primary image for HEIC even when it has multiple images.
  • Hull transform: Fix a arithemetic overflow regression added on October 21, 2023.
  • JXL: Free profile memory if JxlDecoderSetBoxBuffer() fails.
  • Magick++ 'analyze' demo: Request "Analyze" rather than "analyze". It is not clear how this was working before.
  • TIFF: EXPERIMENTAL_EXIF_TAGS is enabled by default again since all known security issues have been addressed. Use CPPFLAGS=-DEXPERIMENTAL_EXIF_TAGS=0 to disable it.
  • TIFF: Only handle EXIF and GPS IFDs once in order to avoid infinite recursion.
  • TIFF: Do not transfer image-dependent TIFFTAG_TRANSFERFUNCTION and TIFFTAG_COLORMAP tags.
  • XPM: Eliminate a Clang scan-build gripe about use of a "garbage value".
  • GetImageBoundingBox(): If image rows or columns is zero, then return default bounds.
  • TransformImage(), and -crop: Sove the problem "-crop does not generate tiles when used with a percentage"
  • DrawImage(): Fix derefrence of a NULL pointer as well as shoring up error handling related to DrawPatternPath().

New Features:

  • Support the newer Artifex urw-base35-fonts. Both OpenType and Postscript Type 1 fonts are supported. This is in response to to Debian bug 1019717 "Display of an SVG file broken due to gsfonts transition", https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019717.
  • Support XML predefined entities when reading delegates.mgk so that it may be expressed in valid XML.
  • Header Magic: When identifying files via their header, there is now a magic description field to indicate the sub-format used.
  • Header Magic: Include a format description in the output of 'gm convert -list magic'.
  • TIFF: Add support for libtiff 4.5 TIFFWarningExtR() and TIFFErrorExtR() in order to provide an error handling context per TIFF handle. This improves concurrency and thread safety when multiple libraries are using libtiff within the same process.
  • EXIF attribute decoding is now updated to support Exif Version 3.0.
  • EXIF validation is added, based on the expected EXIF tag format and expected number of components. Quite a lot of testing was done to discover (and allow) minor deviations from the specification. The validation is done to detect and prevent the reproduction of incorherent "garble".
  • HEIF (HEIC, AVIF, etc.), rewrite the Re-write the HEIF reader (AVIF, HEIC, etc.) to be based on heif_image_get_plane_readonly2(). With the re-write comes support for deep images, as well as returning YCbCr and monochrome images. Use '-define heif:preserve-colorspace=true' to return the image in its original colorspace. Defines are provided to support all currently existing security limits.

API Updates:

  • Magick++: Added InitializeMagickSentinel helper class, which performs the function of InitializeMagick() and invokes DestroyMagick() when an object created based on it goes out of scope. The Magick++ demos and tests are updated to use this class.
  • Wand: MagickSetImagePixels(), If update image has matte, then promote canvas image to have matte. Support composing individual channels 'R', 'G', 'B', 'A', 'O', 'T', 'C', 'M', 'Y', 'K'.

Behavior Changes:

  • Magick++: Support for automatic cleanup via a 'MagickCleanUp' static object is removed due to race conditions with static destruction in other libraries.
  • SetImageAttribute(): No longer translate format requests for special format characters (e.g. "%m:%f %wx%h") in attribute text. Any code which was relying on this should use TranslateText() to perform the translations prior to calling SetImageAttribute().

Build Changes:

  • The build now requires a C'99 compatible compiler (inttypes.h, stdint.h, and printf 'j', 'z', and 't' formatters). This means that (absent additional porting efforts) Solaris 10 U8 (released in October 2009) may be the oldest system supported. C'89 is obviously from 1989 and although I was glad to hear that systems from the mid'90s were still able to compile and use recent GraphicsMagick, adding the C'99 requirement is part of an effort to simplify GraphicsMagick configuration requirements. Libraries that GraphicsMagick optionally uses had already adopted a C'99 or C'11 (2011) requirement.
  • The Autoconf-based configure script is significantly re-written so that it takes advantage of everything learned via pkg-config, but continues to be able to function if pkg-config data is not available. In particular, the primary library name (e.g. '-lpng16d') produced by pkg-config data is deduced, and used, if available. The configuration summary at the end now includes a listing of all of the direct dependencies required to link with each delegate library. Static library based builds (as used in the oss-fuzz builds) require that all of the dependencies are listed and so they produce a larger dependency summary than when shared libraries are used.
  • Use Autoconf 2.72 and require Autoconf 2.71 (or later).
  • Use Automake 1.17.
  • Update Libtool to version 2.5.4.
  • Test and demo programs are added to Coverity analysis. This necessitated fixing test/demo code to use "secure" buffer handling.
  • Build the software differently for the oss-fuzz build so that features not useful, or harmful to, oss-fuzz testing are removed. This is indicated when FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined.
  • The oss-fuzz build script (fuzzing/oss-fuzz-build.sh) is subtantially updated to build a fully-featured libheif, with a set of common libraries it depends on. In fact, all of the dependencies (except for some rarely-used libtiff dependencies) are now included.

Windows Delegate Updates/Additions:

1.3.45 (August 27, 2024)

Special Issues:

  • GraphicsMagick needs some additional productive volunteers. For several years now, the burden has entirely been on me (Bob Friesenhahn). I have been sheparding the project for 22 years already (and contributed to ImageMagick and GraphicsMagick combined for 28 years already). Volunteers are needed to add/improve new/existing file format support, and to assure correct operation on all targets.

Security Fixes:

  • None

Bug fixes:

  • Fix off-by-one bug added by the 1.3.44 release to the sub-image specification parser, and which resulted in one less page being returned than expected (SourceForge bug #746 Off-by-one-error when converting PDF with multiple pages).

New Features:

  • None

API Updates:

  • None

Behavior Changes:

  • None

Build Changes:

  • None
Source: README.rst, updated 2026-05-13