We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1114520@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <rouca@debian.org> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sat, 06 Sep 2025 01:44:14 +0200
Source: imagemagick
Architecture: source
Version: 8:7.1.2.3+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1111586 1111587 1112469 1114520
Changes:
 imagemagick (8:7.1.2.3+dfsg1-1) unstable; urgency=medium
 .
   * New upstream version.
   * Fix CVE-2025-55212:
     Passing a geometry string containing only a colon (":") to montage
     -geometry leads GetGeometry() to set width/height to 0. Later,
     ThumbnailImage() divides by these zero dimensions, triggering
     a crash (SIGFPE/abort), resulting in a denial of service
     (Closes: #1111587)
   * Fix CVE-2025-55298:
     A format string bug vulnerability exists in InterpretImageFilename
     function where user input is directly passed to FormatLocaleString
     without proper sanitization. An attacker can overwrite arbitrary
     memory regions, enabling a wide range of attacks from heap overflow
     to remote code execution.
     (Closes: #1111586)
   * Fix CVE-2025-57803:
     A 32-bit integer overflow in the BMP encoder’s scanline-stride
     computation collapses bytes_per_line (stride) to a tiny value while
     the per-row writer still emits 3 × width bytes for 24-bpp images.
     The row base pointer advances using the (overflowed) stride,
     so the first row immediately writes past its slot
     and into adjacent heap memory with attacker-controlled bytes.
     (Closes: #1112469)
   * Fix CVE-2025-57807:
     ImageMagick versions include insecure functions: SeekBlob(),
     which permits advancing the stream offset beyond the current end without
     increasing capacity, and WriteBlob(), which then expands by
     quantum + length (amortized) instead of offset + length, and copies
     to data + offset. When offset ≫ extent, the copy targets memory
     beyond the allocation, producing a deterministic heap write
     on 64-bit builds
     (Closes: #1114520)
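The stride arithmetic described under CVE-2025-57803, shown as an added illustration that is not part of this announcement and is not ImageMagick's code. It assumes the standard BMP rule that rows are padded to 4 bytes; the function names, the `MAX_PIXEL_BYTES` limit and the sample width are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Example policy (assumption): refuse pixel data that a 32-bit size field
 * cannot describe. */
#define MAX_PIXEL_BYTES UINT32_MAX

/* Unchecked form: width * bpp is evaluated in 32 bits and wraps modulo 2^32,
 * so a huge width can yield a tiny stride. */
static uint32_t stride_unchecked32(uint32_t width, uint32_t bpp)
{
    return 4u * ((width * bpp + 31u) / 32u);
}

/* Checked form: widen before multiplying, confirm the padded stride covers
 * the bytes one row actually holds, and bound stride * height. */
static bool stride_checked(uint32_t width, uint32_t height, uint32_t bpp,
                           size_t *stride, size_t *total)
{
    if (width == 0 || height == 0 || bpp == 0 || bpp > 32)
        return false;
    uint64_t bits = (uint64_t)width * bpp;        /* below 2^38, cannot wrap */
    uint64_t row = (bits + 7u) / 8u;              /* bytes written per row */
    uint64_t padded = 4u * ((bits + 31u) / 32u);  /* row padded to 4 bytes */
    if (padded < row || padded > MAX_PIXEL_BYTES / height)
        return false;
    *stride = (size_t)padded;
    *total = (size_t)(padded * height);
    return true;
}

int main(void)
{
    uint32_t w = 0x55555556u;  /* constructed width: w * 24 wraps to 16 */
    size_t stride = 0, total = 0;
    printf("unchecked stride: %u bytes, row payload: %llu bytes\n",
           (unsigned)stride_unchecked32(w, 24), 3ULL * w);
    printf("checked form: %s\n",
           stride_checked(w, 1, 24, &stride, &total) ? "accepted" : "rejected");
    return 0;
}
```
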