Package: release.debian.org Severity: normal Tags: trixie X-Debbugs-Cc: imagemagick@packages.debian.org Control: affects -1 + src:imagemagick User: release.debian.org@packages.debian.org Usertags: pu [ Reason ] CVE-2025-62171 [ Impact ] CVE-2025-62171> [ Tests ] Test suite [ Risks ] Low [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] CVE fixed one line change [ Other info ]
diff -Nru imagemagick-7.1.1.43+dfsg1/debian/changelog imagemagick-7.1.1.43+dfsg1/debian/changelog --- imagemagick-7.1.1.43+dfsg1/debian/changelog 2025-09-07 00:31:52.000000000 +0200 +++ imagemagick-7.1.1.43+dfsg1/debian/changelog 2025-10-19 10:37:32.000000000 +0200 @@ -1,3 +1,17 @@ +imagemagick (8:7.1.1.43+dfsg1-1+deb13u3) trixie; urgency=high + + * Fix CVE-2025-62171 (Closes: #1118340) + Integer Overflow in BMP Decoder (ReadBMP): + CVE-2025-57803 claims to be patched, but the fix is incomplete + and ineffective. + . + The patch added BMPOverflowCheck() but placed it + after the overflow occurs, making it useless. + A malicious 58-byte BMP file can trigger AddressSanitizer + crashes and DoS. + + -- Bastien Roucariès <rouca@debian.org> Sun, 19 Oct 2025 10:37:32 +0200 + imagemagick (8:7.1.1.43+dfsg1-1+deb13u2) trixie-security; urgency=high * Fix CVE-2025-55004: diff -Nru imagemagick-7.1.1.43+dfsg1/debian/patches/CVE-2025-62171.patch imagemagick-7.1.1.43+dfsg1/debian/patches/CVE-2025-62171.patch --- imagemagick-7.1.1.43+dfsg1/debian/patches/CVE-2025-62171.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-7.1.1.43+dfsg1/debian/patches/CVE-2025-62171.patch 2025-10-19 10:37:32.000000000 +0200 @@ -0,0 +1,25 @@ +From: Dirk Lemstra <dirk@lemstra.org> +Date: Sun, 12 Oct 2025 20:43:14 +0200 +Subject: Added extra check to resolve issue on 32-bit systems + (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm) + +origin: https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00 +bug: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm +bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118340 +--- + coders/bmp.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/coders/bmp.c b/coders/bmp.c +index 8f318e2..6f1b77d 100644 +--- a/coders/bmp.c ++++ b/coders/bmp.c +@@ -1115,6 +1115,8 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + if (bmp_info.compression == BI_RLE4) + bmp_info.bits_per_pixel<<=1; ++ if (BMPOverflowCheck(image->columns,bmp_info.bits_per_pixel) != MagickFalse) ++ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); + extent=image->columns*bmp_info.bits_per_pixel; + bytes_per_line=4*((extent+31)/32); + if (BMPOverflowCheck(bytes_per_line,image->rows) != MagickFalse) diff -Nru imagemagick-7.1.1.43+dfsg1/debian/patches/series imagemagick-7.1.1.43+dfsg1/debian/patches/series --- imagemagick-7.1.1.43+dfsg1/debian/patches/series 2025-09-07 00:31:52.000000000 +0200 +++ imagemagick-7.1.1.43+dfsg1/debian/patches/series 2025-10-19 10:37:32.000000000 +0200 @@ -52,3 +52,4 @@ CVE-2025-55298-2.patch CVE-2025-57803.patch CVE-2025-57807.patch +CVE-2025-62171.patch diff -Nru imagemagick-7.1.1.43+dfsg1/debian/salsa-ci.yml imagemagick-7.1.1.43+dfsg1/debian/salsa-ci.yml --- imagemagick-7.1.1.43+dfsg1/debian/salsa-ci.yml 2025-09-07 00:31:52.000000000 +0200 +++ imagemagick-7.1.1.43+dfsg1/debian/salsa-ci.yml 2025-10-19 10:37:32.000000000 +0200 @@ -1,8 +1,9 @@ --- include: - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml - - local: '/debian/rdeps-ci.yml' +# - local: '/debian/rdeps-ci.yml' variables: + RELEASE: 'trixie' SALSA_CI_ENABLE_REVERSE_DEPENDENCY_BUILD: 0 SALSA_CI_DISABLE_APTLY: 0
Attachment:
signature.asc
Description: This is a digitally signed message part.