Initially I wrote only about Bookworm. But it is not only Bookworm problem. For example, I have also repeat steps from https://docs.google.com/document/d/1zjM5MvfFYC317PEPY4_4WRi0hOdpM766FyqpvOmeE90/edit?usp=sharing in the environment of vagrant image debian/buster64 v10.20231211.1 (available here: https://app.vagrantup.com/debian/boxes/buster64/versions/10.20231211.1). Result fully reproduced:
vagrant@buster:~/imagemagick-6.9.10.23+dfsg$ ./magick.sh identify mvg:piechart.mvg coders/mvg.c:180:33: runtime error: 5e+26 is outside the range of representable values of type 'long unsigned int' identify: must specify image size `piechart.mvg' @ error/mvg.c/ReadMVGImage/186. vagrant@buster:~/imagemagick-6.9.10.23+dfsg$ I used sources of imagemagick with version 8:6.9.10.23+dfsg-2.1+deb10u7 mentioned here https://security-tracker.debian.org/tracker/CVE-2023-34151 as fixed. So I think CVE-2023-34151 was not properly closed for mvg in all Debian versions. At least I proved that it was not closed in Bookworm and Buster. But highly likely it was not properly closed in all other versions.