-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 29 Dec 2025 00:33:04 +0100 Source: imagemagick Architecture: source Version: 8:7.1.1.43+dfsg1-1+deb13u4 Distribution: trixie Urgency: high Maintainer: ImageMagick Packaging Team Changed-By: Bastien Roucariès Closes: 1119296 1122584 1122827 Changes: imagemagick (8:7.1.1.43+dfsg1-1+deb13u4) trixie; urgency=high . * Fix CVE-2025-62594 (Closes: #1119296) Imagemagick is vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow occurs in pointer arithmetic, leading to out-of-bounds memory access, and division-by-zero causes immediate crashes. * Fix CVE-2025-65955 (Closes: #1122827) There is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. * Fix CVE-2025-66628 (Closes: #1122584) The TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in its ReadTIMImage function (coders/tim.c). The code reads width and height (16-bit values) from the file header and calculates image_size = 2 * width * height without checking for overflow. On 32-bit systems (or where size_t is 32-bit), this calculation can overflow if width and height are large (e.g., 65535), wrapping around to a small value. * Fix CVE-2025-68618: Magick's failure to limit the depth of SVG file reads caused a DoS attack. * Do not allow vid for vector graphics * Fix CVE-2025-68950: Magick's failure to limit MVG mutual references forming a loop * Fix CVE-2025-69204: Converting a malicious MVG file to SVG caused an integer overflow. Checksums-Sha1: 1a140b665fbc9edc6e00bf33f884e4aedf2cd997 5136 imagemagick_7.1.1.43+dfsg1-1+deb13u4.dsc 103af0af388a733c043845b228cf3031c16d859b 10501740 imagemagick_7.1.1.43+dfsg1.orig.tar.xz b3eb17ff9d26843ad463a8ce8179e79723a6f874 288996 imagemagick_7.1.1.43+dfsg1-1+deb13u4.debian.tar.xz 33d8c99351aaf649b1f77c640f49ca7439404542 8270 imagemagick_7.1.1.43+dfsg1-1+deb13u4_source.buildinfo Checksums-Sha256: 9913957b585bd2e91968912b41a74b52d496c332f1342be670de2afd91d5c091 5136 imagemagick_7.1.1.43+dfsg1-1+deb13u4.dsc bcb4f3c78a930a608fa4889f889edbcb384974246ad9407fce1858f2c0607bfe 10501740 imagemagick_7.1.1.43+dfsg1.orig.tar.xz 52a6658222229e073106de16919e39e84ee0b441b11ea1ee557e7775ba40c97d 288996 imagemagick_7.1.1.43+dfsg1-1+deb13u4.debian.tar.xz 4d32c1bb791c0ae3ddb157f0304c0b75f8cfc2282f46a9ca50d8a9727492886e 8270 imagemagick_7.1.1.43+dfsg1-1+deb13u4_source.buildinfo Files: 92be380e1be6a428dceee7880bd378c3 5136 graphics optional imagemagick_7.1.1.43+dfsg1-1+deb13u4.dsc 01cfb13a7c1813afb50790e431358c6c 10501740 graphics optional imagemagick_7.1.1.43+dfsg1.orig.tar.xz 790670e5bec04c4d38f525e47952892e 288996 graphics optional imagemagick_7.1.1.43+dfsg1-1+deb13u4.debian.tar.xz 4ef673b9e5eae2de82bb6712d41a1082 8270 graphics optional imagemagick_7.1.1.43+dfsg1-1+deb13u4_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmlZBTAACgkQADoaLapB CF8uQhAAmmzUlGmi1hj41f24fbqQugEl4XSlxvHKBi4eiFZF11Xnw0eTwpe65kuS z6HHqMeRqPybiVrhJE3MakxVuCM7yx4VffhkSc+9EyfbWBPrgx2AXJVAXMrePI8F +7Hu8bMKLuMsF6yz+tsLd18s8S3t28U8aEzD9FfMG/U6kMwTkj89D5H+9z0pXtlK dS07EL+lF4KMOFJOf0jX3cirg1yOCmQVasLF0EWnDrkPoT7jcxJVVrAZL4eyY3Nt SU4stSGtIGWFQizIzlrtMDEDl943vjgYefDZabC4snLFyHj/AZma+5hm9FxLcxi/ mCAqLQE3yKYl3CJbYewf6NaGw40Xmb3Ee9khNJ3Yw3E+VROIy6CufJakPcX7x7fz LE5jGkb7havCx2n/5wplkr0cjaC18VmvSKmA201TMKqyLIOCGxi9QV2Qev1sVCQM o5vy6/WM3POAQygYoISLBwXV6HBjUTfQRQ6++l0NuQR9zxpLPrlJW5yZN7HeZAx5 tcE01GrJf4AAsqn8fgIZi9vJmxiJnDW9v6L//ikz3bwuQNkJUFt5klK+52eBW1Gd TOl7vaGLHHE1/htFmp4nnGUPqElLxdF4tksQtwn0MzxT6DYAsK8VdlFGH27yH9ls NfttB2mBv207xRTBQfUZXFr+bCS0os3x4in9OtcFsKm8pboeITU= =kLf2 -----END PGP SIGNATURE-----