-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 07 Sep 2025 00:31:52 +0200
Source: imagemagick
Binary: imagemagick-7-common imagemagick-7-doc libimage-magick-perl libmagick++-7-headers libmagick++-dev libmagickcore-7-headers libmagickcore-dev libmagickwand-7-headers libmagickwand-dev perlmagick
Architecture: all
Version: 8:7.1.1.43+dfsg1-1+deb13u2
Distribution: trixie-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03)
Changed-By: Bastien Roucariès
Description:
 imagemagick-7-common - image manipulation programs -- infrastructure
 imagemagick-7-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libmagick++-7-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-7-headers - low-level image manipulation library - header files
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-7-headers - image manipulation library - headers files
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 1111101 1111102 1111103 1111586 1111587 1112469 1114520
Changes:
 imagemagick (8:7.1.1.43+dfsg1-1+deb13u2) trixie-security; urgency=high
 .
   * Fix CVE-2025-55004: ImageMagick is vulnerable to heap-buffer overflow
     read around the handling of images with separate alpha channels when
     performing image magnification in ReadOneMNGImage. This can likely be
     used to leak subsequent memory contents into the output image
     (Closes: #1111101)
   * Fix CVE-2025-55005: when preparing to transform from Log to sRGB
     colorspaces, the logmap construction fails to handle cases where the
     reference-black or reference-white value is larger than 1024. This
     leads to corrupting memory beyond the end of the allocated logmap
     buffer.
     (Closes: #1111102)
   * Fix CVE-2025-55154: the magnified size calculations in
     ReadOneMNGImage (in coders/png.c) are unsafe and can overflow,
     leading to memory corruption.
     (Closes: #1111103)
   * Fix CVE-2025-55212: Passing a geometry string containing only a
     colon (":") to montage -geometry leads GetGeometry() to set
     width/height to 0. Later, ThumbnailImage() divides by these zero
     dimensions, triggering a crash (SIGFPE/abort), resulting in a
     denial of service.
     (Closes: #1111587)
   * Fix CVE-2025-55298: A format string bug vulnerability exists in
     the InterpretImageFilename function where user input is directly
     passed to FormatLocaleString without proper sanitization. An
     attacker can overwrite arbitrary memory regions, enabling a wide
     range of attacks from heap overflow to remote code execution.
     (Closes: #1111586)
   * Fix CVE-2025-57803: A 32-bit integer overflow in the BMP encoder’s
     scanline-stride computation collapses bytes_per_line (stride) to a
     tiny value while the per-row writer still emits 3 × width bytes for
     24-bpp images. The row base pointer advances using the (overflowed)
     stride, so the first row immediately writes past its slot and into
     adjacent heap memory with attacker-controlled bytes.
     (Closes: #1112469)
   * Fix CVE-2025-57807: A security problem was found in SeekBlob(),
     which permits advancing the stream offset beyond the current end
     without increasing capacity, and WriteBlob(), which then expands by
     quantum + length (amortized) instead of offset + length, and copies
     to data + offset. When offset ≫ extent, the copy targets memory
     beyond the allocation, producing a deterministic heap write on
     64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy
     settings are required.
     (Closes: #1114520)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
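
The capacity error described under CVE-2025-57807, modelled as an example added here: it is not ImageMagick's code or the Debian patch. ToyBlob, toy_write, flawed_new_extent and the 64-byte quantum are hypothetical names and values; the flawed rule is only computed, never used for a copy, and sits beside a write that sizes the buffer from offset + length.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy in-memory blob; names are hypothetical, not ImageMagick's. */
typedef struct {
  unsigned char *data;
  size_t extent;   /* allocated capacity */
  size_t offset;   /* stream position; a seek may move it past extent */
  size_t quantum;  /* amortized growth step */
} ToyBlob;

/* Capacity after growing by quantum + n, the rule the changelog describes.
   The offset plays no part, so a far seek leaves the buffer too small. */
static size_t flawed_new_extent(size_t extent, size_t quantum, size_t n) {
  return extent + quantum + n;
}

/* Hardened write: size the buffer from offset + n and reject wraparound.
   Returns the number of bytes written, 0 on failure. */
static size_t toy_write(ToyBlob *b, const void *src, size_t n) {
  if (n > SIZE_MAX - b->offset) return 0;            /* offset + n wraps */
  size_t need = b->offset + n;
  if (need > b->extent) {
    size_t grow = need <= SIZE_MAX - b->quantum ? need + b->quantum : need;
    unsigned char *p = realloc(b->data, grow);
    if (p == NULL) return 0;
    memset(p + b->extent, 0, grow - b->extent);      /* zero gap and tail */
    b->data = p;
    b->extent = grow;
  }
  memcpy(b->data + b->offset, src, n);
  b->offset += n;
  return n;
}

/* Constructed scenario: seek to 4096 in an empty blob, then write 4 bytes.
   Returns the resulting capacity, or 0 if the write did not land intact. */
static size_t demo_fixed_extent(void) {
  ToyBlob b = { NULL, 0, 4096, 64 };
  size_t w = toy_write(&b, "ABCD", 4);
  int ok = w == 4 && memcmp(b.data + 4096, "ABCD", 4) == 0 && b.data[0] == 0;
  size_t extent = ok ? b.extent : 0;
  free(b.data);
  return extent;
}

int main(void) {
  return (flawed_new_extent(0, 64, 4) < 4100 && demo_fixed_extent() == 4164) ? 0 : 1;
}
```

In the constructed scenario the write needs 4100 bytes of capacity; the quantum + length rule yields 68, while the offset-based rule yields 4164.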