Format: 1.8
Date: Sat, 18 Oct 2025 11:57:01 +0200
Source: imagemagick
Architecture: source
Version: 8:7.1.2.7+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1118340
Changes:
 imagemagick (8:7.1.2.7+dfsg1-1) unstable; urgency=medium
 .
   * New upstream version.
   * Fix CVE-2025-62171 (Closes: #1118340)
     An integer overflow vulnerability exists in the BMP decoder on 32-bit
     systems. The vulnerability occurs in coders/bmp.c when calculating the
     extent value by multiplying image columns by bits per pixel. On 32-bit
     systems with size_t of 4 bytes, a malicious BMP file with specific
     dimensions can cause this multiplication to overflow and wrap to zero.