Your message dated Sat, 06 Sep 2025 22:36:46 +0000
with message-id <[email protected]>
and subject line Bug#1114520: fixed in imagemagick 8:7.1.2.3+dfsg1-1
has caused the Debian Bug report #1114520,
regarding imagemagick: CVE-2025-57807
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1114520: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114520
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: imagemagick
Version: 8:7.1.2.1+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for imagemagick.
CVE-2025-57807[0]:
| ImageMagick is free and open-source software used for editing and
| manipulating digital images. ImageMagick versions lower than 14.8.2
| include insecure functions: SeekBlob(), which permits advancing the
| stream offset beyond the current end without increasing capacity,
| and WriteBlob(), which then expands by quantum + length (amortized)
| instead of offset + length, and copies to data + offset. When offset
| ≫ extent, the copy targets memory beyond the allocation, producing a
| deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap,
| external delegates, or policy settings are required. This is fixed
| in version 14.8.2.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-57807
https://www.cve.org/CVERecord?id=CVE-2025-57807
[1]
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hqfg
[2]
https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e
[3]
https://github.com/ImageMagick/ImageMagick6/commit/ab1bb3d8ed06d0ed6aa5038b6a74aebf53af9ccf
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:7.1.2.3+dfsg1-1
Done: Bastien Roucariès <[email protected]>
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <[email protected]> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 06 Sep 2025 01:44:14 +0200
Source: imagemagick
Architecture: source
Version: 8:7.1.2.3+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: ImageMagick Packaging Team
<[email protected]>
Changed-By: Bastien Roucariès <[email protected]>
Closes: 1111586 1111587 1112469 1114520
Changes:
imagemagick (8:7.1.2.3+dfsg1-1) unstable; urgency=medium
.
* New upstream version.
* Fix CVE-2025-55212:
Passing a geometry string containing only a colon (":") to montage
-geometry leads GetGeometry() to set width/height to 0. Later,
ThumbnailImage() divides by these zero dimensions, triggering
a crash (SIGFPE/abort), resulting in a denial of service
(Closes: #1111587)
* Fix CVE-2025-55298:
A format string bug vulnerability exists in InterpretImageFilename
function where user input is directly passed to FormatLocaleString
without proper sanitization. An attacker can overwrite arbitrary
memory regions, enabling a wide range of attacks from heap overflow
to remote code execution.
(Closes: #1111586)
* Fix CVE-2025-57803:
A 32-bit integer overflow in the BMP encoder’s scanline-stride
computation collapses bytes_per_line (stride) to a tiny value while
the per-row writer still emits 3 × width bytes for 24-bpp images.
The row base pointer advances using the (overflowed) stride,
so the first row immediately writes past its slot
and into adjacent heap memory with attacker-controlled bytes.
(Closes: #1112469)
* Fix CVE-2025-57807:
ImageMagick versions include insecure functions: SeekBlob(),
which permits advancing the stream offset beyond the current end without
increasing capacity, and WriteBlob(), which then expands by
quantum + length (amortized) instead of offset + length, and copies
to data + offset. When offset ≫ extent, the copy targets memory
beyond the allocation, producing a deterministic heap write
on 64-bit builds
(Closes: #1114520)
Checksums-Sha1:
db60f121d8bbe2612efaa9f002691061def71713 5122 imagemagick_7.1.2.3+dfsg1-1.dsc
d36475c8766d8495cdf1a6b3b486ed3646330cad 10520388
imagemagick_7.1.2.3+dfsg1.orig.tar.xz
9b695bdf3345a21c20b23ba10268c4d7f0eb2032 268272
imagemagick_7.1.2.3+dfsg1-1.debian.tar.xz
64f2e9763ef0abdb4af943e7733429163b83778f 8019
imagemagick_7.1.2.3+dfsg1-1_source.buildinfo
Checksums-Sha256:
e46658e8f8ce95ce236efb60bc6893ad13ffa654006917566d4e1bace23de24d 5122
imagemagick_7.1.2.3+dfsg1-1.dsc
854fc7b7642f47178c3bc2d4464856c0df2cce4778d5948e136b2dd996e8afe8 10520388
imagemagick_7.1.2.3+dfsg1.orig.tar.xz
b89d5cc39aada0315780607899e15b8c2eb57aa1e975f499550316879a19536f 268272
imagemagick_7.1.2.3+dfsg1-1.debian.tar.xz
f2ff6f70ed94ea53e7e4a3b92838e936500fbe4b0aa73fc7931bb717fe04d1c8 8019
imagemagick_7.1.2.3+dfsg1-1_source.buildinfo
Files:
13e798b6f786f48c03cff465e777680a 5122 graphics optional
imagemagick_7.1.2.3+dfsg1-1.dsc
fb0a7e4860da03303b5be68a75b68eeb 10520388 graphics optional
imagemagick_7.1.2.3+dfsg1.orig.tar.xz
8850bf6f65617e268491bbbad06d6566 268272 graphics optional
imagemagick_7.1.2.3+dfsg1-1.debian.tar.xz
dbc57c99765a0dbd41d69e43497019d8 8019 graphics optional
imagemagick_7.1.2.3+dfsg1-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmi8s7ERHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF+GRxAAsLCgsqwHRyPKnmCaG82CZoWcsO+5wGeR
VOWN/3o4vQph7jTKtUSfZujWpqyAWrKkSrdKqDjOBq2dTe1cqaQhA5xq8wXwDx4M
JVw7vKEVUPNMyXHiAeL/KYscDgJxRfXO8wXW8nR9oAxqFS3pybcgZrJisnSR9ED1
jbH0SY569TS/AsTI2+yqgh9vCn8xPU1WA0+2P8XYO50HD/SFQjAydY+aPosinhx+
DOlG03ngJrvUlgaUbAvyMNHDBN0v2KcAG11jjuqDc2lraFtPFfniavavKxAFlAGC
a3xuxWmeN9FIjEVH+jsZp1iRu1IEm6/X9qvKoUMBK30s2nAnYDE+CghyFxZijb1w
4s0VN6GR3P+Zzb4ccc0I3FMLI4XdNmU9GXQAB0o388VLPMBT+PrAsgU/b0Py//g3
ipT2Mu8vmVP9e9tbRCkycNHZXcWCQ8spPGKRUqlbh5LFy4JFmar7fkYTXB0A0yaZ
gShgdY9bmtOXIKT2PDyo8M3p3/8nYXqTLMn8Ed45wZ8gFjAAuEBoO4GTQb6lyYfD
zh0BmM0oM8qbrjJ1BEUWPDzVGN/yRaLE1HGtlhS1UEQr3MpB/Y0HIWJMXxlWQJ55
2VE/HJXe5oehK06qaSMYRHcSZ8cSU1VOsQ5nXi4TV8hyYpSBpl/XK+ELDJuYP/di
KbJcJw2wNPM=
=kAPm
-----END PGP SIGNATURE-----
pgpa50_uMGqX6.pgp
Description: PGP signature
--- End Message ---
