[Pkg-gmagick-im-team] imagemagick_7.1.1.43+dfsg1-1+deb13u2_source.changes ACCEPTED into proposed-updates

Debian FTP Masters ftpmaster at ftp-master.debian.org
Fri Sep 12 08:32:10 BST 2025


Thank you for your contribution to Debian.



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 07 Sep 2025 00:31:52 +0200
Source: imagemagick
Architecture: source
Version: 8:7.1.1.43+dfsg1-1+deb13u2
Distribution: trixie-security
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team at lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca at debian.org>
Closes: 1111101 1111102 1111103 1111586 1111587 1112469 1114520
Changes:
 imagemagick (8:7.1.1.43+dfsg1-1+deb13u2) trixie-security; urgency=high
 .
   * Fix CVE-2025-55004:
     ImageMagick is vulnerable to heap-buffer overflow
     read around the handling of images with separate alpha channels
     when performing image magnification in ReadOneMNGImage.
     This can likely be used to leak subsequent memory contents
     into the output image
     (Closes: #1111101)
   * Fix CVE-2025-55005:
     when preparing to transform from Log to sRGB colorspaces,
     the logmap construction fails to handle cases where the
     reference-black or reference-white value is larger than 1024.
     This leads to corrupting memory beyond the end of the
     allocated logmap buffer.
     (Closes: #1111102)
   * Fix CVE-2025-55154:
     the magnified size calculations in ReadOneMNGImage
     (in coders/png.c) are unsafe and can overflow, leading to
     memory corruption.
     (Closes: #1111103)
   * Fix CVE-2025-55212:
     Passing a geometry string containing only a colon (":")
     to montage -geometry leads GetGeometry() to set width/height to 0.
     Later, ThumbnailImage() divides by these zero dimensions,
     triggering a crash (SIGFPE/abort), resulting in a denial of service.
     (Closes: #1111587)
   * Fix CVE-2025-55298:
     A format string vulnerability exists in the InterpretImageFilename
     function where user input is directly passed to FormatLocaleString
     without proper sanitization. An attacker can overwrite arbitrary
     memory regions, enabling a wide range of attacks from heap
     overflow to remote code execution.
     (Closes: #1111586)
   * Fix CVE-2025-57803:
     A 32-bit integer overflow in the BMP encoder’s scanline-stride
     computation collapses bytes_per_line (stride) to a tiny
     value while the per-row writer still emits 3 × width bytes
     for 24-bpp images. The row base pointer advances using the
     (overflowed) stride, so the first row immediately writes
     past its slot and into adjacent heap memory with
     attacker-controlled bytes.
     (Closes: #1112469)
   * Fix CVE-2025-57807:
     A security problem was found in SeekBlob(), which permits
     advancing the stream offset beyond the current end without
     increasing capacity, and WriteBlob(), which then expands by
     quantum + length (amortized) instead of offset + length,
     and copies to data + offset. When offset ≫ extent, the
     copy targets memory beyond the allocation, producing a
     deterministic heap write on 64-bit builds. No 2⁶⁴
     arithmetic wrap, external delegates, or policy settings
     are required.
     (Closes: #1114520)
Checksums-Sha1:
 fa66b635727109f0ec611889cf6358128bf9ad47 5161 imagemagick_7.1.1.43+dfsg1-1+deb13u2.dsc
 103af0af388a733c043845b228cf3031c16d859b 10501740 imagemagick_7.1.1.43+dfsg1.orig.tar.xz
 170506889f526c68a9360169cee079be5319b3b4 284216 imagemagick_7.1.1.43+dfsg1-1+deb13u2.debian.tar.xz
 612dea8dd46495a0b737978ba1a4ae8f70da3d93 8055 imagemagick_7.1.1.43+dfsg1-1+deb13u2_source.buildinfo
Checksums-Sha256:
 381837e384fda4697b72cea12aa51ba503d4a3d045033f0599c8901394d04144 5161 imagemagick_7.1.1.43+dfsg1-1+deb13u2.dsc
 bcb4f3c78a930a608fa4889f889edbcb384974246ad9407fce1858f2c0607bfe 10501740 imagemagick_7.1.1.43+dfsg1.orig.tar.xz
 028a64ae6fcefed9d71fadcc165fb6dce9ee83c979ab1ad7c1c906c51093ca08 284216 imagemagick_7.1.1.43+dfsg1-1+deb13u2.debian.tar.xz
 fc8e7eb21bf20fd2716ab1b19e9516025b5dc829d650b93c64146b62485413cd 8055 imagemagick_7.1.1.43+dfsg1-1+deb13u2_source.buildinfo
Files:
 e47c20c1db9d1253751e253a51a36333 5161 graphics optional imagemagick_7.1.1.43+dfsg1-1+deb13u2.dsc
 01cfb13a7c1813afb50790e431358c6c 10501740 graphics optional imagemagick_7.1.1.43+dfsg1.orig.tar.xz
 7a27b7e10fec3d428f189478bd8947c3 284216 graphics optional imagemagick_7.1.1.43+dfsg1-1+deb13u2.debian.tar.xz
 2a759458d132b50b597575f29b8c1c35 8055 graphics optional imagemagick_7.1.1.43+dfsg1-1+deb13u2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmjAguoRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF+ekw//ToB/KVCTmo2TEyVAL0DXAFcQ9MPFxKeM
AQ6PB7wUR8enYVLlaZqZN9osy84/esKMgNXz9eGjY1zJ+BuUQtu9fckmIHlO+h4/
DHlhyKFMAyg/98VhEDMvMzezcIOiLfGFRcEBTc9JuMDYQFIF1uXAa1ISJo5oLgjC
z1Ipb7Xt8MpkOv/i3+INPyOeJGAk/tqyUMKkL3YRU6QNUTa+nhf3BdYmCMJU70cq
uxnjxI+W22g2K+5/0tq/Y35Vk0YhqXn1btKWdlwLRjMIo+YrFjpn7kyW2YROODA5
+Bjyrh1HmfHN/GqiVp/+hPtyoqUimpuUgYqlL5Sat2gONzha9Sf5NmCP8a81XAKW
CJLY/f9tmGGgmwEpCIJJ1bhZW/fSPfzzcAuIUxMIfi5aFCQ4eisU5echjsEFcXMd
3W80IaHzae/vDeBx0xYYF7iUcySXx8rbLdwaWJv2KS2uXrKk/fpKBw66WH/hGtG2
lImNgcEPrlIuF7xHR+1EAclKEdbAyT3xZ2j+H1irfT+znL6iOfxzj4rP3jPkXmT+
ceH+piswexwMKuRWVOVgN1MslC470F0gBVEzaLeg8wh5Ukbi/fBF0xbCfYyyDgHK
bzlAnkPAMuEf5IEaUI7v5pn+9txE9oNLdooyiWEiIt/ryJaV5B2lijXqqVYfI5UW
Cvu1IG1nJ0g=
=df0R
-----END PGP SIGNATURE-----
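The CVE-2025-57803 entry above describes a stride that collapses after a 32-bit wrap while each row still carries 3 × width bytes. The following C program is an added illustration of that bug class, written for this page; it is not ImageMagick's BMP encoder, and the function names (stride_unchecked, stride_checked, rows_fit) and the 24-bpp width used as input are constructed for the example. It places the wrapping computation next to a checked 64-bit one and models the per-row writer's bounds so the mismatch is visible without corrupting memory.

```c
/* Added illustration of the CVE-2025-57803 bug class, not ImageMagick's
 * BMP encoder: a 24-bpp scanline stride computed in 32-bit arithmetic
 * next to a checked version.  Function names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* 24-bpp rows are padded to a multiple of 4 bytes.  Done in uint32_t,
 * width * 3 + 3 wraps once it exceeds 2^32 - 1 (from width 0x55555555
 * upward), so the stride collapses to a tiny value while each row still
 * carries 3 * width bytes. */
static uint32_t stride_unchecked(uint32_t width)
{
    uint32_t bytes = width * 3u;       /* silent modulo 2^32 */
    return (bytes + 3u) & ~3u;
}

/* Checked version: compute in 64 bits and reject anything that does not
 * fit the 32-bit size fields a BMP header can describe.  Returns 1 on
 * success and stores the stride. */
static int stride_checked(uint32_t width, size_t *stride)
{
    uint64_t bytes = (uint64_t)width * 3u;
    uint64_t padded = (bytes + 3u) & ~(uint64_t)3u;
    if (padded > UINT32_MAX)
        return 0;
    *stride = (size_t)padded;
    return 1;
}

/* Models the per-row writer: every row writes 3 * width bytes starting at
 * row * stride.  Returns 1 only if the stride can hold a whole row and the
 * last of `rows` rows ends inside a buffer of `capacity` bytes. */
static int rows_fit(uint32_t width, uint32_t rows, size_t stride, size_t capacity)
{
    uint64_t row_bytes = (uint64_t)width * 3u;
    if (rows == 0)
        return 1;
    if (row_bytes > stride)
        return 0;                       /* the first row already spills over */
    uint64_t end = (uint64_t)(rows - 1) * stride + row_bytes;
    return end <= capacity;
}

int main(void)
{
    uint32_t width = 0x55555556u;       /* constructed: a width whose stride wraps */
    size_t stride = 0;
    printf("unchecked stride for width %u: %u (a row needs %llu bytes)\n",
           width, stride_unchecked(width), (unsigned long long)width * 3ull);
    printf("checked stride accepted: %d\n", stride_checked(width, &stride));
    printf("one row fits in 4096 bytes at the collapsed stride: %d\n",
           rows_fit(width, 1, stride_unchecked(width), 4096));
    return 0;
}
```

For the constructed width the unchecked stride comes out as 4 bytes while a single row needs over 4 GiB, which is exactly the row-base-pointer-versus-row-size mismatch the changelog describes; the checked variant refuses the width before any buffer is sized from it.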
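The CVE-2025-57807 entry describes a seek that moves the offset past the end of a blob and a write that then grows the allocation from the old extent rather than from offset + length. The C program below is an added illustration of that pattern, written for this page and not taken from ImageMagick's blob code; the Blob struct, the function names and the 8-byte payload are constructed for the example. It reports what the described growth rule would do on a far seek and then performs the write with a corrected rule that sizes the buffer from the offset, so the "no 2⁶⁴ wrap required" point is visible: the offset is only 1 MiB.

```c
/* Added illustration of the CVE-2025-57807 bug class, not ImageMagick's
 * blob code: a seekable in-memory stream whose write path sizes the buffer
 * from offset + length instead of from the old extent.  The Blob struct and
 * function names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    unsigned char *data;
    size_t extent;    /* bytes allocated */
    size_t length;    /* bytes logically written so far */
    size_t offset;    /* current stream position; may exceed extent */
    size_t quantum;   /* growth granularity */
} Blob;

/* Seeking past the end is legitimate for a writable stream; nothing is
 * allocated here, so the write path must account for offset itself. */
static void blob_seek(Blob *b, size_t offset)
{
    b->offset = offset;
}

/* The growth rule the advisory describes: new extent = extent + quantum +
 * length.  Returns 1 when copying `length` bytes to data + offset would
 * still land beyond that new extent, i.e. the write would be out of bounds. */
static int buggy_growth_overflows(const Blob *b, size_t length)
{
    size_t new_extent = b->extent + b->quantum + length;
    return b->offset + length > new_extent;
}

/* Corrected rule: grow to at least offset + length (plus quantum for
 * amortisation), with overflow checks, and zero the gap a seek left behind. */
static int blob_write(Blob *b, const void *src, size_t length)
{
    if (length > SIZE_MAX - b->offset)
        return 0;
    size_t need = b->offset + length;
    if (need > b->extent) {
        if (need > SIZE_MAX - b->quantum)
            return 0;
        size_t new_extent = need + b->quantum;
        unsigned char *p = realloc(b->data, new_extent);
        if (p == NULL)
            return 0;
        memset(p + b->extent, 0, new_extent - b->extent);
        b->data = p;
        b->extent = new_extent;
    }
    memcpy(b->data + b->offset, src, length);
    b->offset += length;
    if (b->offset > b->length)
        b->length = b->offset;
    return 1;
}

/* Replays the scenario: a fresh blob, a seek to `seek_to`, then one write of
 * a constructed 8-byte payload.  Reports through *buggy_would_overflow
 * whether the old growth rule would have written out of bounds, and returns
 * 1 if the corrected write landed where it should. */
static int demo_seek_then_write(size_t seek_to, int *buggy_would_overflow)
{
    static const char payload[] = "ABCDEFGH";   /* constructed payload */
    size_t n = sizeof payload - 1;
    Blob b = { NULL, 0, 0, 0, 4096 };
    blob_seek(&b, seek_to);
    *buggy_would_overflow = buggy_growth_overflows(&b, n);
    int ok = blob_write(&b, payload, n)
          && b.length == seek_to + n
          && b.extent >= b.length
          && memcmp(b.data + seek_to, payload, n) == 0
          && (seek_to == 0 || b.data[0] == 0);
    free(b.data);
    return ok;
}

int main(void)
{
    int buggy = 0;
    int ok = demo_seek_then_write((size_t)1 << 20, &buggy);
    printf("seek 1 MiB into an empty blob, then write 8 bytes:\n");
    printf("  old growth rule would write out of bounds: %d\n", buggy);
    printf("  corrected write succeeded in bounds:       %d\n", ok);
    return ok ? 0 : 1;
}
```

With a 4096-byte quantum and an empty blob, the described rule would grow the allocation to 4104 bytes and then copy to offset 1048576, well past it; the corrected write allocates 1048584 + 4096 bytes, zero-fills the gap, and lands the payload where a reader seeking to the same offset will find it.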
