-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 07 Sep 2025 23:54:25 +0200
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc imagemagick-common imagemagick-doc libimage-magick-perl libmagick++-6-headers libmagick++-dev libmagickcore-6-headers libmagickcore-dev libmagickwand-6-headers libmagickwand-dev perlmagick
Architecture: all
Version: 8:6.9.11.60+dfsg-1.6+deb12u4
Distribution: bookworm-security
Urgency: medium
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-common - image manipulation programs -- infrastructure dummy package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 1109339 1111103 1111586 1111587 1112469 1114520
Changes:
 imagemagick (8:6.9.11.60+dfsg-1.6+deb12u4) bookworm-security; urgency=medium
 .
   * Fix CVE-2025-53014:
     A heap buffer overflow was found in the `InterpretImageFilename`
     function. The issue stems from an off-by-one error that causes
     out-of-bounds memory access when processing format strings
     containing consecutive percent signs (`%%`).
     (Closes: #1109339)
   * Fix CVE-2025-53019:
     ImageMagick's `magick stream` command, specifying multiple
     consecutive `%d` format specifiers in a filename template
     causes a memory leak
   * Fix CVE-2025-53101:
     ImageMagick's `magick mogrify` command, specifying
     multiple consecutive `%d` format specifiers in a filename
     template causes internal pointer arithmetic to generate
     an address below the beginning of the stack buffer,
     resulting in a stack overflow through `vsnprintf()`.
   * Fix CVE-2025-55154:
     the magnified size calculations in ReadOneMNGIMage
     (in coders/png.c) are unsafe and can overflow,
     leading to memory corruption.
     (Closes: #1111103)
   * Fix CVE-2025-55212:
     passing a geometry string containing only a colon (":")
     to montage -geometry leads GetGeometry() to set width/height
     to 0. Later, ThumbnailImage() divides by these zero dimensions,
     triggering a crash (SIGFPE/abort)
     (Closes: #1111587)
   * Fix CVE-2025-55298:
     A format string bug vulnerability exists in InterpretImageFilename
     function where user input is directly passed to FormatLocaleString
     without proper sanitization. An attacker can overwrite arbitrary
     memory regions, enabling a wide range of attacks from heap
     overflow to remote code execution.
     (Closes: #1111586)
   * Fix CVE-2025-57803:
     A 32-bit integer overflow in the BMP encoder’s scanline-stride
     computation collapses bytes_per_line (stride) to a tiny
     value while the per-row writer still emits 3 × width bytes
     for 24-bpp images. The row base pointer advances using the
     (overflowed) stride, so the first row immediately writes
     past its slot and into adjacent heap memory with
     attacker-controlled bytes.
     (Closes: #1112469)
   * Fix CVE-2025-57807:
     A security problem was found in SeekBlob(), which permits
     advancing the stream offset beyond the current end without
     increasing capacity, and WriteBlob(), which then expands by
     quantum + length (amortized) instead of offset + length,
     and copies to data + offset. When offset ≫ extent, the
     copy targets memory beyond the allocation, producing a
     deterministic heap write on 64-bit builds. No 2⁶⁴
     arithmetic wrap, external delegates, or policy settings
     are required.
     (Closes: #1114520)
Checksums-Sha1:
 95d90eb50e2c5cdb96f0370a744c16955e7bf06a 167428 imagemagick-6-common_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 0a4d72c26bdaa111bb94825bb1d0732a0a3e5474 7891028 imagemagick-6-doc_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 674f330cfa5232a539a0f0e70ebb95f7369d6a92 1512 imagemagick-common_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 5e5584eaec368205e9e94573b92e5af8d845e79a 1616 imagemagick-doc_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 18e37c87902f6ad96c1d8f67d48db9c735cacf8e 18952 imagemagick_6.9.11.60+dfsg-1.6+deb12u4_all-buildd.buildinfo
 5e6e73c46717eaae85974c7cddf263c626dd8932 53304 libimage-magick-perl_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 ab3fa0998067e1fee0cb78bf1ad8cbfe159b2fad 47532 libmagick++-6-headers_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 834342b9db5b3215a6c47e862b6af9c28bea4912 1368 libmagick++-dev_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 2a338b56d860698985b09a5d998f7b5386a2ed82 50944 libmagickcore-6-headers_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 abbfe5287911166e267ab14ac935d1f1554c1466 1336 libmagickcore-dev_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 ac84ac1d78fdff2d168fb933bebcd14bd5fe0638 10496 libmagickwand-6-headers_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 2c2a9acf07efaa6393b39cef66cef34cfea74fcf 1324 libmagickwand-dev_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 bda9c1c1c924583f1f591d55beaa7fcc7669a247 1360 perlmagick_6.9.11.60+dfsg-1.6+deb12u4_all.deb
Checksums-Sha256:
 f2deda10469e3f263a093500ce541ed8309e6aab2dd7108f5f27693c5e956554 167428 imagemagick-6-common_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 a9cf7d4ccee4b3036f8b598926f8e394e05f1568b9ab25c28a45fc3051f64600 7891028 imagemagick-6-doc_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 7dda029dbe3d24c8690c7d3951701063410697d67fb3732abeba5401f2d5a97c 1512 imagemagick-common_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 930a3675d83b72d32c8f93a3fe39654625db05475ef202f96a6cdac4e20a6851 1616 imagemagick-doc_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 dbcf51b4709c04738896b42a18d5ca0fee6d8904505305223056e41b6e4f68c3 18952 imagemagick_6.9.11.60+dfsg-1.6+deb12u4_all-buildd.buildinfo
 af6fe77de069fcd0b5c96a37db563e5aa444e53321399273fcd4f5029e24687d 53304 libimage-magick-perl_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 c68d2c77e03367e86ab08a223f6923dcc7ed1c506d682b14435aad7d30742c2b 47532 libmagick++-6-headers_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 1c2a5e21fce4a489d4e454bbbc43e805f71361d65ee74a27c62d91cc395ace0c 1368 libmagick++-dev_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 1077fd9b5aa3f3e0078acab0e583805e78569bc799a55b929d509eb1e9439564 50944 libmagickcore-6-headers_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 7952fd4c33893e4200794dc90ab884bd30370295cb3fff86f53a387d08b81295 1336 libmagickcore-dev_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 f6dc92263861e4162ffb9d112ef0ba659c855b97905dac1cdc75d74589ca1497 10496 libmagickwand-6-headers_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 801753fd2abbedc9237e1a694dbd7b8a0999999efcb449f14583fd4ee873cc8b 1324 libmagickwand-dev_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 bcd9121c555c1dba4cf5dbdc60e940a6e1eefb555901b2b8faff94b8a7d2688c 1360 perlmagick_6.9.11.60+dfsg-1.6+deb12u4_all.deb
Files:
 ab8c40f88728885ac68afd0a1b29b879 167428 graphics optional imagemagick-6-common_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 bcdc0be7f69e46c2ca544b412c932403 7891028 doc optional imagemagick-6-doc_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 4b06a857809673480e3e8a74b1b8ecd8 1512 oldlibs optional imagemagick-common_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 cdb53b607d0b62220b077db9ad127100 1616 oldlibs optional imagemagick-doc_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 ef727393d1f99413e98e914b0148f302 18952 graphics optional imagemagick_6.9.11.60+dfsg-1.6+deb12u4_all-buildd.buildinfo
 78f6eeca3db9c7949fe77c23bb4d6882 53304 perl optional libimage-magick-perl_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 bc194c53c5e4879776268f3b5f093d9c 47532 libdevel optional libmagick++-6-headers_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 1e954e3f5da5633e4303785f16e5bcba 1368 oldlibs optional libmagick++-dev_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 bb0b8144edeee80d336cdb3d70212e9b 50944 libdevel optional libmagickcore-6-headers_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 156ddfab3829eac4eda5b7a201f699a6 1336 oldlibs optional libmagickcore-dev_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 7a9e71880d247fb31abac0a45663c296 10496 libdevel optional libmagickwand-6-headers_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 2557f8a984a2ffba45f118e311b1975d 1324 oldlibs optional libmagickwand-dev_6.9.11.60+dfsg-1.6+deb12u4_all.deb
 f1cc41168df0eec62c9ac3d8646ce362 1360 oldlibs optional perlmagick_6.9.11.60+dfsg-1.6+deb12u4_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEj4Fym5GgeZdPqKhrJm69HxMTN+oFAmjAicQACgkQJm69HxMT
N+r7SA//fLiNS1p1DxdRblzEX7PXRSx0Tcs55kNblo4Wi/CNos3E5HMxT79NNmAX
clEOSzXZE1pyPuN6IzbOHiA4/gGc19h9TzJ8ZD5Zae65MZbQJQEWPJrZzYZFMshY
fLyKXxJG1gbEPD8l0znEl39297L02Zvb8K3Hy7TCZDoRFZF5EfSzfD0Dlt9tKTPf
3kS8DZwYA16hfTaGWJjd9Bog15bxR3h6uctNizg4ByRaOm9eTjDzYojLpxTCFqxh
KC/abgxerXfNCB2h/Xhd5BWnAH+jSouVS9Kepq9rS/GtIIPUrY4Kpq4+rCbzQolJ
zlAj5xk/NZR9dWUGOCDnteRis97zCGIM+8Xnc3myftkEW6+6++XfJv0UuvNzGuTm
dIGQQq1t3bhXDplZ2xvs4MYSrYMoCp/Bg88vrgE8ZuLgFs49CEXlSeZZDStsISef
q5z46zrnFs+D+tES314PIgUVm5Bgi2mVgr6Z+Ce9SCKOghmcEcPM+pw5XmeJT6cD
EI5yFVFyqT23TmtKDfggWz7RJFiP8u43Ekx233bnfrV/u/0aV8EqUK/qawcy6viG
ATpDRx7qflBLQu9rdG/hVD0gdWvic4ncy9h9xCGeDbphCOFqdvdRQwU/gGs0CXna
+5ZDBQUwHGduTX2kDO6A9tUgeVPjLKuDkKpB2Hx7YvdLIwHRg94=
=vkKX
-----END PGP SIGNATURE-----