Format: 1.8
Date: Sun, 19 Oct 2025 10:37:32 +0200
Source: imagemagick
Architecture: source
Version: 8:7.1.1.43+dfsg1-1+deb13u3
Distribution: trixie
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1118340
Changes:
 imagemagick (8:7.1.1.43+dfsg1-1+deb13u3) trixie; urgency=high
 .
   * Fix CVE-2025-62171 (Closes: #1118340)
     Integer Overflow in BMP Decoder (ReadBMP):
     CVE-2025-57803 claims to be patched, but the fix is incomplete
     and ineffective.
 .
     The patch added BMPOverflowCheck() but placed it
     after the overflow occurs, making it useless.
     A malicious 58-byte BMP file can trigger
     AddressSanitizer crashes and DoS.