-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 06 Sep 2025 01:44:14 +0200
Source: imagemagick
Architecture: source
Version: 8:7.1.2.3+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1111586 1111587 1112469 1114520
Changes:
imagemagick (8:7.1.2.3+dfsg1-1) unstable; urgency=medium
.
* New upstream version.
* Fix CVE-2025-55212:
Passing a geometry string containing only a colon (":") to montage
-geometry leads GetGeometry() to set width/height to 0. Later,
ThumbnailImage() divides by these zero dimensions, triggering
a crash (SIGFPE/abort), resulting in a denial of service
(Closes: #1111587)
* Fix CVE-2025-55298:
A format string bug vulnerability exists in InterpretImageFilename
function where user input is directly passed to FormatLocaleString
without proper sanitization. An attacker can overwrite arbitrary
memory regions, enabling a wide range of attacks from heap overflow
to remote code execution.
(Closes: #1111586)
* Fix CVE-2025-57803:
A 32-bit integer overflow in the BMP encoder’s scanline-stride
computation collapses bytes_per_line (stride) to a tiny value while
the per-row writer still emits 3 × width bytes for 24-bpp images.
The row base pointer advances using the (overflowed) stride,
so the first row immediately writes past its slot
and into adjacent heap memory with attacker-controlled bytes.
(Closes: #1112469)
* Fix CVE-2025-57807:
ImageMagick versions include insecure functions: SeekBlob(),
which permits advancing the stream offset beyond the current end without
increasing capacity, and WriteBlob(), which then expands by
quantum + length (amortized) instead of offset + length, and copies
to data + offset. When offset ≫ extent, the copy targets memory
beyond the allocation, producing a deterministic heap write
on 64-bit builds
(Closes: #1114520)
Checksums-Sha1:
db60f121d8bbe2612efaa9f002691061def71713 5122 imagemagick_7.1.2.3+dfsg1-1.dsc
d36475c8766d8495cdf1a6b3b486ed3646330cad 10520388 imagemagick_7.1.2.3+dfsg1.orig.tar.xz
9b695bdf3345a21c20b23ba10268c4d7f0eb2032 268272 imagemagick_7.1.2.3+dfsg1-1.debian.tar.xz
64f2e9763ef0abdb4af943e7733429163b83778f 8019 imagemagick_7.1.2.3+dfsg1-1_source.buildinfo
Checksums-Sha256:
e46658e8f8ce95ce236efb60bc6893ad13ffa654006917566d4e1bace23de24d 5122 imagemagick_7.1.2.3+dfsg1-1.dsc
854fc7b7642f47178c3bc2d4464856c0df2cce4778d5948e136b2dd996e8afe8 10520388 imagemagick_7.1.2.3+dfsg1.orig.tar.xz
b89d5cc39aada0315780607899e15b8c2eb57aa1e975f499550316879a19536f 268272 imagemagick_7.1.2.3+dfsg1-1.debian.tar.xz
f2ff6f70ed94ea53e7e4a3b92838e936500fbe4b0aa73fc7931bb717fe04d1c8 8019 imagemagick_7.1.2.3+dfsg1-1_source.buildinfo
Files:
13e798b6f786f48c03cff465e777680a 5122 graphics optional imagemagick_7.1.2.3+dfsg1-1.dsc
fb0a7e4860da03303b5be68a75b68eeb 10520388 graphics optional imagemagick_7.1.2.3+dfsg1.orig.tar.xz
8850bf6f65617e268491bbbad06d6566 268272 graphics optional imagemagick_7.1.2.3+dfsg1-1.debian.tar.xz
dbc57c99765a0dbd41d69e43497019d8 8019 graphics optional imagemagick_7.1.2.3+dfsg1-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmi8s7ERHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF+GRxAAsLCgsqwHRyPKnmCaG82CZoWcsO+5wGeR
VOWN/3o4vQph7jTKtUSfZujWpqyAWrKkSrdKqDjOBq2dTe1cqaQhA5xq8wXwDx4M
JVw7vKEVUPNMyXHiAeL/KYscDgJxRfXO8wXW8nR9oAxqFS3pybcgZrJisnSR9ED1
jbH0SY569TS/AsTI2+yqgh9vCn8xPU1WA0+2P8XYO50HD/SFQjAydY+aPosinhx+
DOlG03ngJrvUlgaUbAvyMNHDBN0v2KcAG11jjuqDc2lraFtPFfniavavKxAFlAGC
a3xuxWmeN9FIjEVH+jsZp1iRu1IEm6/X9qvKoUMBK30s2nAnYDE+CghyFxZijb1w
4s0VN6GR3P+Zzb4ccc0I3FMLI4XdNmU9GXQAB0o388VLPMBT+PrAsgU/b0Py//g3
ipT2Mu8vmVP9e9tbRCkycNHZXcWCQ8spPGKRUqlbh5LFy4JFmar7fkYTXB0A0yaZ
gShgdY9bmtOXIKT2PDyo8M3p3/8nYXqTLMn8Ed45wZ8gFjAAuEBoO4GTQb6lyYfD
zh0BmM0oM8qbrjJ1BEUWPDzVGN/yRaLE1HGtlhS1UEQr3MpB/Y0HIWJMXxlWQJ55
2VE/HJXe5oehK06qaSMYRHcSZ8cSU1VOsQ5nXi4TV8hyYpSBpl/XK+ELDJuYP/di
KbJcJw2wNPM=
=kAPm
-----END PGP SIGNATURE-----
Attachment:
pgpKSs004P7qt.pgp
Description: PGP signature