-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 28 Dec 2025 19:32:37 +0100
Source: imagemagick
Architecture: source
Version: 8:7.1.2.12+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1122584 1122827
Changes:
 imagemagick (8:7.1.2.12+dfsg1-1) unstable; urgency=medium
 .
   * New upstream version
   * Fix CVE-2025-65955 (Closes: #1122827)
     There is a vulnerability in ImageMagick’s Magick++ layer that
     manifests when Options::fontFamily is invoked with an empty
     string. Clearing a font family calls RelinquishMagickMemory on
     _drawInfo->font, freeing the font string but leaving _drawInfo->font
     pointing to freed memory while _drawInfo->family is set to that
     (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font
     re-frees or dereferences dangling memory. DestroyDrawInfo and other
     setters (Options::font, Image::font) assume _drawInfo->font remains
     valid, so destruction or subsequent updates trigger crashes or heap
     corruption.
   * Fix CVE-2025-66628 (Closes: #1122584)
     The TIM (PSX TIM) image parser contains a critical integer overflow
     vulnerability in its ReadTIMImage function (coders/tim.c). The code
     reads width and height (16-bit values) from the file header and
     calculates image_size = 2 * width * height without checking for
     overflow. On 32-bit systems (or where size_t is 32-bit), this
     calculation can overflow if width and height are large (e.g., 65535),
     wrapping around to a small value. This results in a small heap
     allocation via AcquireQuantumMemory, and later operations relying on
     the dimensions can trigger an out-of-bounds read.
Files:
0e171c78a89d65696ba3fc3b42a7656f 5202 graphics optional imagemagick_7.1.2.12+dfsg1-1.dsc
16b781d79d7aa251115b7ca613f3b76f 10528380 graphics optional imagemagick_7.1.2.12+dfsg1.orig.tar.xz
356e3359831fab0be11be31b7aa95b6b 267584 graphics optional imagemagick_7.1.2.12+dfsg1-1.debian.tar.xz
aea9d754b329c9d001b800de7cf0048f 8344 graphics optional imagemagick_7.1.2.12+dfsg1-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
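The size calculation described under CVE-2025-66628, as an added example (not code from ImageMagick or from the Debian package): it models a 32-bit size_t with uint32_t so the wrap is reproducible on any host, and pairs it with a checked form. The function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Unchecked form from the changelog text: image_size = 2 * width * height.
   size_t is modelled as uint32_t; the conversion from the 64-bit product
   reduces it modulo 2^32, which is what a 32-bit size_t multiply does. */
static uint32_t tim_size_unchecked32(uint16_t width, uint16_t height)
{
    return (uint32_t)((uint64_t)2 * width * height);
}

/* Checked form (hypothetical helper): returns 0 and stores the size when
   2 * width * height fits in a 32-bit size_t, -1 when it would wrap. */
static int tim_size_checked32(uint16_t width, uint16_t height, uint32_t *out)
{
    /* Two 16-bit factors times 2 need at most 33 bits, so 64 bits is exact. */
    uint64_t wide = (uint64_t)2 * width * height;

    if (wide > UINT32_MAX)
        return -1;              /* reject the header instead of allocating */
    *out = (uint32_t)wide;
    return 0;
}

int main(void)
{
    uint16_t w = 65535, h = 65535;   /* the dimensions the changelog cites */
    uint32_t size = 0;

    printf("true size     : %llu bytes\n",
           (unsigned long long)((uint64_t)2 * w * h));
    printf("32-bit result : %lu bytes\n",
           (unsigned long)tim_size_unchecked32(w, h));

    if (tim_size_checked32(w, h, &size) != 0)
        puts("checked       : rejected, size does not fit in 32 bits");
    if (tim_size_checked32(640, 480, &size) == 0)
        printf("checked 640x480: %lu bytes\n", (unsigned long)size);
    return 0;
}
```

The buffer allocated from the wrapped value is shorter than the pixel data implied by width and height, which is why later reads indexed by those dimensions run past it.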