Your message dated Mon, 15 Sep 2025 20:32:33 +0000
with message-id <[email protected]>
and subject line Bug#1111103: fixed in imagemagick 8:6.9.11.60+dfsg-1.6+deb12u4
has caused the Debian Bug report #1111103,
regarding imagemagick: CVE-2025-55154
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1111103: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111103
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: imagemagick
Version: 8:7.1.1.47+dfsg1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for imagemagick.
CVE-2025-55154[0]:
| ImageMagick is free and open-source software used for editing and
| manipulating digital images. Prior to versions 6.9.13-27 and
| 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in
| coders/png.c) are unsafe and can overflow, leading to memory
| corruption. This issue has been patched in versions 6.9.13-27 and
| 7.1.2-1.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-55154
https://www.cve.org/CVERecord?id=CVE-2025-55154
[1]
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.11.60+dfsg-1.6+deb12u4
Done: Bastien Roucariès <[email protected]>
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <[email protected]> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 07 Sep 2025 23:54:25 +0200
Source: imagemagick
Architecture: source
Version: 8:6.9.11.60+dfsg-1.6+deb12u4
Distribution: bookworm-security
Urgency: medium
Maintainer: ImageMagick Packaging Team
<[email protected]>
Changed-By: Bastien Roucariès <[email protected]>
Closes: 1109339 1111103 1111586 1111587 1112469 1114520
Changes:
imagemagick (8:6.9.11.60+dfsg-1.6+deb12u4) bookworm-security; urgency=medium
.
* Fix CVE-2025-53014:
A heap buffer overflow was found in the `InterpretImageFilename`
function. The issue stems from an off-by-one error that causes
out-of-bounds memory access when processing format strings
containing consecutive percent signs (`%%`).
(Closes: #1109339)
* Fix CVE-2025-53019:
ImageMagick's `magick stream` command, specifying multiple
consecutive `%d` format specifiers in a filename template
causes a memory leak
* Fix CVE-2025-53101:
ImageMagick's `magick mogrify` command, specifying
multiple consecutive `%d` format specifiers in a filename
template causes internal pointer arithmetic to generate
an address below the beginning of the stack buffer,
resulting in a stack overflow through `vsnprintf()`.
* Fix CVE-2025-55154:
the magnified size calculations in ReadOneMNGIMage
(in coders/png.c) are unsafe and can overflow,
leading to memory corruption.
(Closes: #1111103)
* Fix CVE-2025-55212:
passing a geometry string containing only a colon (":")
to montage -geometry leads GetGeometry() to set width/height
to 0. Later, ThumbnailImage() divides by these zero dimensions,
triggering a crash (SIGFPE/abort)
(Closes: #1111587)
* Fix CVE-2025-55298:
A format string bug vulnerability exists in InterpretImageFilename
function where user input is directly passed to FormatLocaleString
without proper sanitization. An attacker can overwrite arbitrary
memory regions, enabling a wide range of attacks from heap
overflow to remote code execution.
(Closes: #1111586)
* Fix CVE-2025-57803:
A 32-bit integer overflow in the BMP encoder’s scanline-stride
computation collapses bytes_per_line (stride) to a tiny
value while the per-row writer still emits 3 × width bytes
for 24-bpp images. The row base pointer advances using the
(overflowed) stride, so the first row immediately writes
past its slot and into adjacent heap memory with
attacker-controlled bytes.
(Closes: #1112469)
* Fix CVE-2025-57807:
A security problem was found in SeekBlob(), which permits
advancing the stream offset beyond the current end without
increasing capacity, and WriteBlob(), which then expands by
quantum + length (amortized) instead of offset + length,
and copies to data + offset. When offset ≫ extent, the
copy targets memory beyond the allocation, producing a
deterministic heap write on 64-bit builds. No 2⁶⁴
arithmetic wrap, external delegates, or policy settings
are required.
(Closes: #1114520)
Checksums-Sha1:
79d5b02adec86c1503fd0db2ac8df8a191a0c0d5 5131
imagemagick_6.9.11.60+dfsg-1.6+deb12u4.dsc
824a63dce5e54bd8b78077d671d8ab06300a8848 9395144
imagemagick_6.9.11.60+dfsg.orig.tar.xz
70c71068c5c82ad582e9a523c935256fae4ee3b6 275684
imagemagick_6.9.11.60+dfsg-1.6+deb12u4.debian.tar.xz
7cf8d6c36d053800677eec088ae28c9c2943e29b 8034
imagemagick_6.9.11.60+dfsg-1.6+deb12u4_source.buildinfo
Checksums-Sha256:
520ab1f2e2310d89018595597b4e922291725aea14d5f835b042ba657a0a5190 5131
imagemagick_6.9.11.60+dfsg-1.6+deb12u4.dsc
472fb516df842ee9c819ed80099c188463b9e961303511c36ae24d0eaa8959c4 9395144
imagemagick_6.9.11.60+dfsg.orig.tar.xz
6d627be6acec16282946f038acb765e8dd0475fc681d17298e84dd0c9593d133 275684
imagemagick_6.9.11.60+dfsg-1.6+deb12u4.debian.tar.xz
ba5ada3a3363e5dc02d0b16a49dfe97ca9a2dc942101c7e5f73d9288ed954155 8034
imagemagick_6.9.11.60+dfsg-1.6+deb12u4_source.buildinfo
Files:
ee9e4cbe88f6e0756a5b9cc1ff64ff69 5131 graphics optional
imagemagick_6.9.11.60+dfsg-1.6+deb12u4.dsc
8b8f7b82bd1299cf30aa3c488c46a3cd 9395144 graphics optional
imagemagick_6.9.11.60+dfsg.orig.tar.xz
e2f4a6d8aceaae5796b7dfcf69c69d37 275684 graphics optional
imagemagick_6.9.11.60+dfsg-1.6+deb12u4.debian.tar.xz
b69db9c5cafe177d98a6c59f5a71f7b1 8034 graphics optional
imagemagick_6.9.11.60+dfsg-1.6+deb12u4_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmi+lOARHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF9m1Q/8DzO2RNbgP1Zv9usHCyBsG7wfKga9y9Hi
6dDFx5E6cKbIjx85/4mUAj4DMgenw6WKCc8t81q/5f3HcgV82uv9O8MhqrJBZooH
fEpeKHm4+M8ACc5ZRVHa5bvAT1j3WDfYH2jL/OFlsyrGA17q2NV1NSeHPgJVPxtE
1gKe8++oeHB+TNhAg4WJ6UzHUzMpERSwqaJ//AEIzXYV1ww9djFCUY7/1ynrNjU7
G31M5ZiBInDQFk+5XcpnWZgX2k4Iz8uIrmPh1MR5JKGgkYM7BKwlwJSUBi4e6+Yd
MjD65hEkzY7CHlzlYswYESG+MTrKPZZ/brpuiN4GbzIkIA0P0M5Zca8wVKkq6L/1
kC+JcTsBJzUpP5pBkv0wfFGMk8iW+MBH9YVkW8KlbI+BZiuUQ4OB0ul+iFYKKV6d
B+dgAueAEFkC5oyDTCoF9+IKUrPr5nqy/OKQM5XUNwmHpLMNWEbhX0SF+TtEQ5YC
TfX2BA23zw6MX7DBdTeHzXzX7PCLW5neW6qOkisvx46p/ubKNydoF8BHGC+hlSEk
7IHmGyGE7AvtHK963pKemu+qa+6O+LVIoXSA5ET2fAj9ttPZEDG55xuAdAhtETAj
KViv3wX3OjEwbOOovuAmMqD99Zn9Q1ByG+CpJcRPrhGtqGjM6NO2WO0WSg67qZFR
OTM+OikhAPg=
=CjgP
-----END PGP SIGNATURE-----
pgpJw7qGH20TR.pgp
Description: PGP signature
--- End Message ---
