Format: 1.8
Date: Tue, 09 Sep 2025 21:48:40 +0200
Source: imagemagick
Architecture: source
Version: 8:6.9.11.60+dfsg-1.3+deb11u6
Distribution: bullseye-security
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1109339 1111103 1111586 1111587 1112469 1114520
Changes:
 imagemagick (8:6.9.11.60+dfsg-1.3+deb11u6) bullseye-security; urgency=medium
 .
   * Fix CVE-2025-53014: A heap buffer overflow was found in the
     `InterpretImageFilename` function. The issue stems from an
     off-by-one error that causes out-of-bounds memory access when
     processing format strings containing consecutive percent signs
     (`%%`). (Closes: #1109339)
   * Fix CVE-2025-53019: In ImageMagick's `magick stream` command,
     specifying multiple consecutive `%d` format specifiers in a
     filename template causes a memory leak.
   * Fix CVE-2025-53101: In ImageMagick's `magick mogrify` command,
     specifying multiple consecutive `%d` format specifiers in a
     filename template causes internal pointer arithmetic to generate
     an address below the beginning of the stack buffer, resulting in
     a stack overflow through `vsnprintf()`.
   * Fix CVE-2025-55154: the magnified size calculations in
     ReadOneMNGImage (in coders/png.c) are unsafe and can overflow,
     leading to memory corruption. (Closes: #1111103)
   * Fix CVE-2025-55212: passing a geometry string containing only a
     colon (":") to montage -geometry leads GetGeometry() to set
     width/height to 0. Later, ThumbnailImage() divides by these zero
     dimensions, triggering a crash (SIGFPE/abort).
     (Closes: #1111587)
   * Fix CVE-2025-55298: A format string bug vulnerability exists in
     the InterpretImageFilename function where user input is directly
     passed to FormatLocaleString without proper sanitization. An
     attacker can overwrite arbitrary memory regions, enabling a wide
     range of attacks from heap overflow to remote code execution.
     (Closes: #1111586)
   * Fix CVE-2025-57803: A 32-bit integer overflow in the BMP encoder’s
     scanline-stride computation collapses bytes_per_line (stride) to
     a tiny value while the per-row writer still emits 3 × width bytes
     for 24-bpp images. The row base pointer advances using the
     (overflowed) stride, so the first row immediately writes past its
     slot and into adjacent heap memory with attacker-controlled
     bytes. (Closes: #1112469)
   * Fix CVE-2025-57807: A security problem was found in SeekBlob(),
     which permits advancing the stream offset beyond the current end
     without increasing capacity, and WriteBlob(), which then expands
     by quantum + length (amortized) instead of offset + length, and
     copies to data + offset. When offset ≫ extent, the copy targets
     memory beyond the allocation, producing a deterministic heap
     write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external
     delegates, or policy settings are required. (Closes: #1114520)
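The stride wrap described for CVE-2025-57803, worked through as an added example; it is not code from ImageMagick or from the Debian patch. The stride expression is the usual BMP 4-byte row padding formula, assumed here to be evaluated in 32 bits, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* 4-byte-aligned BMP row size in 32-bit arithmetic (assumed expression):
   width * bits_per_pixel can wrap before the division. */
static uint32_t stride_unchecked(uint32_t width, uint32_t bits_per_pixel)
{
    return 4u * ((width * bits_per_pixel + 31u) / 32u);
}

/* Hardened form: do the arithmetic in 64 bits and refuse a stride that
   no longer fits the 32-bit field it will be stored in. */
static int stride_checked(uint32_t width, uint32_t bits_per_pixel,
                          uint32_t *stride)
{
    uint64_t bits = (uint64_t)width * bits_per_pixel;
    uint64_t wide = 4u * ((bits + 31u) / 32u);

    if (width == 0 || wide > UINT32_MAX)
        return -1;
    *stride = (uint32_t)wide;
    return 0;
}

/* Invariant worth asserting before any row is written: the bytes the row
   writer emits must fit inside one stride. */
static int row_fits(uint32_t stride, uint32_t width, uint32_t bits_per_pixel)
{
    uint64_t row_bytes = ((uint64_t)width * bits_per_pixel + 7u) / 8u;
    return row_bytes <= stride;
}

int main(void)
{
    uint32_t width = 178956971u;   /* constructed: width * 24 exceeds 2^32 */
    uint32_t bad = stride_unchecked(width, 24), good = 0;

    printf("unchecked stride %u, row fits: %d\n",
           (unsigned)bad, row_fits(bad, width, 24));
    if (stride_checked(width, 24, &good) == 0)
        printf("checked stride   %u, row fits: %d\n",
               (unsigned)good, row_fits(good, width, 24));
    return 0;
}
```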
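The capacity rule described for CVE-2025-57807, modelled on a toy stream as an added example; it is not ImageMagick's code or the Debian patch. `MemStream` and both function names are hypothetical: one function shows the size that growing by quantum + length reaches, the other sizes the buffer from offset + length.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy growable stream; names are hypothetical, not ImageMagick's BlobInfo. */
typedef struct {
    unsigned char *data;
    size_t extent;    /* bytes allocated */
    size_t length;    /* bytes holding valid data */
    size_t offset;    /* write position; a seek may leave it past length */
    size_t quantum;   /* amortized growth step */
} MemStream;

/* Capacity reached by growing with quantum + n: offset plays no part. */
static size_t extent_grown_by_quantum(const MemStream *s, size_t n)
{
    return s->extent + s->quantum + n;
}

/* Hardened write: capacity is derived from offset + n, checked for wrap. */
static int stream_write(MemStream *s, const void *src, size_t n)
{
    if (n > SIZE_MAX - s->offset || s->offset + n > SIZE_MAX - s->quantum)
        return -1;
    size_t end = s->offset + n;
    if (end > s->extent) {
        unsigned char *p = realloc(s->data, end + s->quantum);
        if (p == NULL)
            return -1;
        s->data = p;
        s->extent = end + s->quantum;
    }
    if (s->offset > s->length)          /* zero the gap left by a seek */
        memset(s->data + s->length, 0, s->offset - s->length);
    memcpy(s->data + s->offset, src, n);
    s->offset = end;
    if (end > s->length)
        s->length = end;
    return 0;
}

int main(void)
{
    MemStream s = { NULL, 0, 0, 0, 16 };
    s.offset = 1000;   /* constructed: position left by a seek past the end */
    int rc = stream_write(&s, "zz", 2);
    free(s.data);
    return rc;
}
```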