-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 Jul 2025 22:29:23 +0200
Source: imagemagick
Architecture: source
Version: 8:7.1.1.43+dfsg1-1+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1109339
Changes:
 imagemagick (8:7.1.1.43+dfsg1-1+deb13u1) trixie; urgency=medium
 .
   * Fix CVE-2025-53014: A heap buffer overflow was found in the
     `InterpretImageFilename` function. The issue stems from an off-by-one
     error that causes out-of-bounds memory access when processing format
     strings containing consecutive percent signs (`%%`).
     (Closes: #1109339)
   * Fix CVE-2025-53015: Infinite loop occurs when writing during a
     specific XMP file conversion command (Closes: #1109339)
   * Fix CVE-2025-53019: `magick stream` command, specifying multiple
     consecutive `%d` format specifiers in a filename template causes a
     memory leak (Closes: #1109339)
   * Fix CVE-2025-53101: `magick mogrify` command, specifying multiple
     consecutive `%d` format specifiers in a filename template causes
     internal pointer arithmetic to generate an address below the
     beginning of the stack buffer, resulting in a stack overflow through
     `vsnprintf()` (Closes: #1109339)
   * Fix CVE-2025-43965: In MIFF image processing, image depth is
     mishandled after SetQuantumFormat is used.
   * Fix CVE-2025-46393: In multispectral MIFF image processing,
     packet_size is mishandled.