-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 30 Dec 2025 19:17:20 +0100
Source: imagemagick
Architecture: source
Version: 8:6.9.11.60+dfsg-1.3+deb11u8
Distribution: bullseye-security
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1122584 1122827
Changes:
 imagemagick (8:6.9.11.60+dfsg-1.3+deb11u8) bullseye-security; urgency=high
 .
   * Fix CVE-2025-65955 (Closes: #1122827)
     A vulnerability was found in ImageMagick’s Magick++ layer that manifests
     when Options::fontFamily is invoked with an empty string. Clearing a font
     family calls RelinquishMagickMemory on _drawInfo->font, freeing the font
     string but leaving _drawInfo->font pointing to freed memory while
     _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup
     or reuse of _drawInfo->font re-frees or dereferences dangling memory.
     DestroyDrawInfo and other setters (Options::font, Image::font) assume
     _drawInfo->font remains valid, so destruction or subsequent updates
     trigger crashes or heap corruption.
   * Fix CVE-2025-66628 (Closes: #1122584)
     The TIM (PSX TIM) image parser contains a critical integer overflow
     vulnerability in its ReadTIMImage function (coders/tim.c). The code reads
     width and height (16-bit values) from the file header and calculates
     image_size = 2 * width * height without checking for overflow. On 32-bit
     systems (or where size_t is 32-bit), this calculation can overflow if
     width and height are large (e.g., 65535), wrapping around to a small
     value.
   * Fix CVE-2025-68469
     ImageMagick crashes when processing a crafted TIFF file.
   * Fix CVE-2025-68618: Magick's failure to limit the depth of SVG file reads
     caused a DoS attack.
   * Fix CVE-2025-68950: Magick's failure to limit MVG mutual references
     forming a loop.
   * Fix CVE-2025-69204: Converting a malicious MVG file to SVG caused an
     integer overflow.
Checksums-Sha1:
 79254bb5c877692690ae1d11fdd04211f9c46ea3 5106 imagemagick_6.9.11.60+dfsg-1.3+deb11u8.dsc
 824a63dce5e54bd8b78077d671d8ab06300a8848 9395144 imagemagick_6.9.11.60+dfsg.orig.tar.xz
 a00c077ef35500413ad5925b3b20a84d4e0bd742 279484 imagemagick_6.9.11.60+dfsg-1.3+deb11u8.debian.tar.xz
 fabc5644ff4996ce10e4d5556b8694648730872a 8249 imagemagick_6.9.11.60+dfsg-1.3+deb11u8_source.buildinfo
Checksums-Sha256:
 2a911fe20ac9cbf8cec3c341e1dab8b3e609d5e5c7370af05d5923e425ffbce0 5106 imagemagick_6.9.11.60+dfsg-1.3+deb11u8.dsc
 472fb516df842ee9c819ed80099c188463b9e961303511c36ae24d0eaa8959c4 9395144 imagemagick_6.9.11.60+dfsg.orig.tar.xz
 c348f7ba9d51e7262e8ecacdc79153524e993f2e3ad4f65accad5654d7b47fff 279484 imagemagick_6.9.11.60+dfsg-1.3+deb11u8.debian.tar.xz
 05abc146701fbe25f3fecc047c31fb8c07a384f9b4a115b28b43119d4eb2d3b7 8249 imagemagick_6.9.11.60+dfsg-1.3+deb11u8_source.buildinfo
Files:
 df912e0adf0ae5ed400b38e1f3bdd039 5106 graphics optional imagemagick_6.9.11.60+dfsg-1.3+deb11u8.dsc
 8b8f7b82bd1299cf30aa3c488c46a3cd 9395144 graphics optional imagemagick_6.9.11.60+dfsg.orig.tar.xz
 21711148aad4ab3a2a137a1971e17f23 279484 graphics optional imagemagick_6.9.11.60+dfsg-1.3+deb11u8.debian.tar.xz
 21eaf72234bd1e565625640685f3e63a 8249 graphics optional imagemagick_6.9.11.60+dfsg-1.3+deb11u8_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmlU9RoACgkQADoaLapB
CF/TCw//eYzkMVxpdhDNGu92UXwYR1z99WuaohC8g6hDAK/Mwyaa+5LAwCCdhabS
DZRh4l0eZYzFJ0uOtIHCieorvWkFi9OIzG+EKPRmPf1hw0uVyDX3NP+Z8VNbrCzF
ONIZ/atjITnaxYJaHjF9Wc1sy8pzKCJacai7/LDpGvjjZWZ89tUoQmc/jmMaqYy8
b750rR4WK672oXvGVIXQTe43NEOJns+wooLs8BVza2O0b5PyiCN/GYaBZ5sw5Z57
Ge0uvGu1Z+6+4SL/0TmeXI51Jc3cj+HjTUJt9bL9FPi+j3JgB+UQ7Urq647i0gIh
rMbviSnTNNCkImtMElU1O+wYheuFnf8IqW69OMhqncwQ7hMVB1HL1blIz6+AiEX+
k76VjKxor7S9nTfUAv6gGBBAIsx6rcA9i2A3AaBgsOLClUVd2ZtQqOhphYQbYEuF
3aGSQ9XN/rJRpVHoAAUly+iTmO9CGBWLaApf/1N0Kvhm3gwUnoPFEAS+wcsqVX9L
HZhmEUoMB2M/8B7W4575Y+YVm1BBUHY/QUvTR4M2cWHmKFW7PBqxYgxM6YCXpGoX
Rad63JpGOxJfNZp0VbUp4ZaoQrmgncAmYJse2IJXsrhjkC5Nd/VDevQvnlu+SLe5
4NHAlJTS19JpYfBjf32TS5JLyOUycd6PynnBv/G2BjHNJ8d3kbk=
=vr7I
-----END PGP SIGNATURE-----
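The CVE-2025-66628 entry above describes image_size = 2 * width * height wrapping in a 32-bit size_t. The following is an added illustration, not code from ImageMagick or from the Debian package: it emulates a 32-bit size_t with uint32_t, shows the unchecked product beside an overflow-checked one, and reads width/height from a constructed pair of little-endian 16-bit fields (the function names, the 4-byte header shape and the sample dimensions are all assumptions made for the example, not the real TIM header layout or coders/tim.c).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Emulate a 32-bit size_t so the wraparound is reproducible on a 64-bit host. */
typedef uint32_t size32_t;

/* Unchecked arithmetic in the shape the advisory describes: 2 * width * height
 * computed in the (32-bit) target type, which silently wraps modulo 2^32. */
static size32_t tim_image_size_unchecked(uint16_t width, uint16_t height)
{
    return (size32_t)2 * width * height;
}

/* Hardened form (assumed, not the upstream patch): reject dimensions whose
 * byte count would not fit before anything is allocated. Returns 0 on
 * rejection; 0 is never a valid size here because empty images are refused. */
static size32_t tim_image_size_checked(uint16_t width, uint16_t height)
{
    if (width == 0 || height == 0)
        return 0;
    if ((size32_t)width > UINT32_MAX / height)   /* width * height would overflow */
        return 0;
    size32_t pixels = (size32_t)width * height;
    if (pixels > UINT32_MAX / 2)                 /* 2 * pixels would overflow */
        return 0;
    return 2 * pixels;
}

/* Constructed header shape: width then height as little-endian 16-bit fields.
 * This is only the two fields the advisory mentions, not a full TIM parser. */
static size32_t tim_size_from_header(const uint8_t *hdr, size_t len)
{
    if (len < 4)
        return 0;
    uint16_t width  = (uint16_t)(hdr[0] | (hdr[1] << 8));
    uint16_t height = (uint16_t)(hdr[2] | (hdr[3] << 8));
    return tim_image_size_checked(width, height);
}

int main(void)
{
    /* Constructed inputs. 32769 x 65535 needs 2*32769*65535 = 4295032830
     * bytes; a 32-bit size_t wraps that to 65534, so an unchecked reader
     * allocates 64 KiB and then writes ~4 GiB of pixels into it. */
    const uint8_t evil[4]   = { 0x01, 0x80, 0xff, 0xff };   /* 32769 x 65535 */
    const uint8_t benign[4] = { 0x80, 0x02, 0xe0, 0x01 };   /* 640 x 480 */

    printf("unchecked 32769x65535: %u bytes (wrapped)\n",
           (unsigned)tim_image_size_unchecked(32769, 65535));
    printf("checked   32769x65535: %u (0 = rejected)\n",
           (unsigned)tim_size_from_header(evil, sizeof evil));
    printf("checked   640x480:     %u bytes\n",
           (unsigned)tim_size_from_header(benign, sizeof benign));
    return 0;
}
```

The check divides rather than multiplies so it never performs the overflowing operation itself; on a real 64-bit build the same dimensions fit in size_t, which is why the advisory scopes the bug to 32-bit targets, but the division-based guard is correct for either width of size_t.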
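The CVE-2025-65955 entry describes a freed font pointer left in place and then aliased by the family pointer, so the destructor frees the same block twice. The block below is an added example in plain C, not Magick++ code and not the upstream fix: it models the two owned strings with a small struct (DrawInfoModel and every function name are assumptions), shows the aliasing setter beside a hardened one that pairs each free with nulling the pointer, and checks the resulting states without ever executing the double free.

```c
#include <stdlib.h>
#include <string.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of the two owned strings the advisory names; this is not
 * ImageMagick's DrawInfo. Both members are heap strings owned by the struct. */
typedef struct {
    char *font;
    char *family;
} DrawInfoModel;

static char *clone_string(const char *s)
{
    if (s == NULL)
        return NULL;
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy != NULL)
        memcpy(copy, s, n);
    return copy;
}

/* Vulnerable pattern as described for CVE-2025-65955: clearing the family
 * frees font, keeps the stale pointer, and makes family alias it. A later
 * destroy_draw_info() would free the same block twice. */
static void set_family_vulnerable(DrawInfoModel *info, const char *family)
{
    if (family == NULL || family[0] == '\0') {
        free(info->font);
        info->family = info->font;        /* two references to freed memory */
        return;
    }
    free(info->family);
    info->family = clone_string(family);
}

/* One hardened form (assumed): clearing the family touches only family, and
 * every free is paired with nulling the pointer. ImageMagick spells that idiom
 * as p = RelinquishMagickMemory(p), which returns NULL; plain free() here. */
static void set_family_fixed(DrawInfoModel *info, const char *family)
{
    free(info->family);
    info->family = NULL;
    if (family != NULL && family[0] != '\0')
        info->family = clone_string(family);
}

static void destroy_draw_info(DrawInfoModel *info)
{
    free(info->font);
    info->font = NULL;
    free(info->family);
    info->family = NULL;
}

/* Invariant a destructor relies on: two owned pointers never alias. */
static bool draw_info_is_consistent(const DrawInfoModel *info)
{
    return info->font == NULL || info->font != info->family;
}

/* Reproduces the aliased state without triggering the double free: the freed
 * pointer value is only compared, never dereferenced or freed again. */
static bool demonstrate_aliasing(void)
{
    DrawInfoModel info = { clone_string("Helvetica"), clone_string("Sans") };
    char *old_family = info.family;       /* the vulnerable path leaks this */
    set_family_vulnerable(&info, "");
    bool aliased = !draw_info_is_consistent(&info);
    info.font = NULL;                     /* neutralise: font is already freed */
    info.family = NULL;
    free(old_family);
    destroy_draw_info(&info);             /* now a no-op */
    return aliased;
}

static bool demonstrate_fixed(void)
{
    DrawInfoModel info = { clone_string("Helvetica"), clone_string("Sans") };
    set_family_fixed(&info, "");
    bool ok = draw_info_is_consistent(&info)
           && info.family == NULL
           && info.font != NULL && strcmp(info.font, "Helvetica") == 0;
    destroy_draw_info(&info);             /* safe: no aliasing, font still valid */
    return ok;
}

int main(void)
{
    printf("vulnerable setter leaves font and family aliased: %s\n",
           demonstrate_aliasing() ? "yes" : "no");
    printf("fixed setter keeps font valid and family NULL:    %s\n",
           demonstrate_fixed() ? "yes" : "no");
    return 0;
}
```

Built with -fsanitize=address, calling set_family_vulnerable() followed directly by destroy_draw_info() reports the double free the advisory describes; the consistency check above is the cheap invariant a destructor can assert on to catch such aliasing before it reaches free().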