
      ZZLI4418             linux.debian.changes             452 messages      


  Msg # 111 of 452 on ZZLI4418, Sunday 9-13-25, 3:43  
  From: DEBIAN FTP MASTERS  
  To: ALL  
  Subj: Accepted imagemagick 8:7.1.1.43+dfsg1-1+  
 From: ftpmaster@ftp-master.debian.org 
  
 -----BEGIN PGP SIGNED MESSAGE----- 
 Hash: SHA512 
  
 Format: 1.8 
 Date: Sun, 07 Sep 2025 00:31:52 +0200 
 Source: imagemagick 
 Architecture: source 
 Version: 8:7.1.1.43+dfsg1-1+deb13u2 
 Distribution: trixie-security 
 Urgency: high 
 Maintainer: ImageMagick Packaging Team  
 Changed-By: Bastien Roucariès  
 Closes: 1111101 1111102 1111103 1111586 1111587 1112469 1114520 
 Changes: 
  imagemagick (8:7.1.1.43+dfsg1-1+deb13u2) trixie-security; urgency=high 
  . 
    * Fix CVE-2025-55004: 
      ImageMagick is vulnerable to heap-buffer overflow 
      read around the handling of images with separate alpha channels 
      when performing image magnification in ReadOneMNGIMage. 
      This can likely be used to leak subsequent memory contents 
      into the output image 
      (Closes: #1111101) 
    * Fix CVE-2025-55005: 
      when preparing to transform from Log to sRGB colorspaces, 
      the logmap construction fails to handle cases where the 
      reference-black or reference-white value is larger than 1024. 
      This leads to corrupting memory beyond the end of the 
      allocated logmap buffer. 
      (Closes: #1111102) 
    * Fix CVE-2025-55154: 
      the magnified size calculations in ReadOneMNGIMage 
      (in coders/png.c) are unsafe and can overflow, leading to 
      memory corruption. 
      (Closes: #1111103) 
    * Fix CVE-2025-55212: 
      Passing a geometry string containing only a colon (":") 
      to montage -geometry leads GetGeometry() to set width/height to 0. 
      Later, ThumbnailImage() divides by these zero dimensions, 
      triggering a crash (SIGFPE/abort), resulting in a denial of service. 
      (Closes: #1111587) 
    * Fix CVE-2025-55298: 
      A format string bug vulnerability exists in InterpretImageFilename 
      function where user input is directly passed to FormatLocaleString 
      without proper sanitization. An attacker can overwrite arbitrary 
      memory regions, enabling a wide range of attacks from heap 
      overflow to remote code execution. 
      (Closes: #1111586) 
    * Fix CVE-2025-57803: 
      A 32-bit integer overflow in the BMP encoder's scanline-stride 
      computation collapses bytes_per_line (stride) to a tiny 
      value while the per-row writer still emits 3 × width bytes 
      for 24-bpp images. The row base pointer advances using the 
      (overflowed) stride, so the first row immediately writes 
      past its slot and into adjacent heap memory with 
      attacker-controlled bytes. 
      (Closes: #1112469) 
    * Fix CVE-2025-57807: 
      A security problem was found in SeekBlob(), which permits 
      advancing the stream offset beyond the current end without 
      increasing capacity, and WriteBlob(), which then expands by 
      quantum + length (amortized) instead of offset + length, 
      and copies to data + offset. When offset ≥ extent, the 
      copy targets memory beyond the allocation, producing a 
      deterministic heap write on 64-bit builds. No 2⁶⁴ 
      arithmetic wrap, external delegates, or policy settings 
      are required. 
      (Closes: #1114520) 
  
 -----BEGIN PGP SIGNATURE----- 
  
 -----END PGP SIGNATURE----- 
  
  
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2) 
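
The SeekBlob()/WriteBlob() growth rule described above for CVE-2025-57807, as an added C example that is not part of the original message and is not ImageMagick's code. MemBlob, blob_seek and blob_write are hypothetical names; the block shows only the corrected sizing, where capacity is derived from offset + length with an overflow check.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical in-memory stream; field names follow the changelog's terms. */
typedef struct {
    unsigned char *data;
    size_t offset;   /* current position; blob_seek() may move it past length */
    size_t length;   /* highest byte written so far */
    size_t extent;   /* bytes actually allocated */
    size_t quantum;  /* amortized growth step */
} MemBlob;

void blob_seek(MemBlob *b, size_t offset) { b->offset = offset; } /* may pass the end */

/* Returns n on success, 0 on arithmetic overflow or allocation failure. */
size_t blob_write(MemBlob *b, const void *src, size_t n)
{
    if (n == 0 || n > SIZE_MAX - b->offset)
        return 0;                      /* offset + n would wrap */
    size_t end = b->offset + n;
    if (end > b->extent) {
        /* Size from offset + n; quantum + n alone ignores where the copy lands. */
        size_t want = end;
        if (want <= SIZE_MAX - b->quantum)
            want += b->quantum;        /* amortization on top, not instead */
        unsigned char *p = realloc(b->data, want);
        if (p == NULL) return 0;
        /* Zero the new tail so a gap left by a seek never exposes heap bytes. */
        memset(p + b->extent, 0, want - b->extent);
        b->data = p;
        b->extent = want;
    }
    memcpy(b->data + b->offset, src, n);
    b->offset = end;
    if (end > b->length) b->length = end;
    return n;
}

int main(void)
{
    MemBlob b = { .quantum = 16 };
    blob_seek(&b, 100);                /* constructed input: seek past the end */
    size_t n = blob_write(&b, "xyz", 3);
    printf("wrote %zu, extent %zu\n", n, b.extent);
    free(b.data);
    return 0;
}
```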
