Your message dated Sun, 28 Dec 2025 23:05:38 +0000
with message-id <[email protected]>
and subject line Bug#1122827: fixed in imagemagick 8:7.1.2.12+dfsg1-1
has caused the Debian Bug report #1122827,
regarding imagemagick: CVE-2025-65955
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1122827: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122827
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: imagemagick
Version: 8:7.1.2.8+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for imagemagick.
CVE-2025-65955[0]:
| ImageMagick is free and open-source software used for editing and
| manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there
| is a vulnerability in ImageMagick’s Magick++ layer that manifests
| when Options::fontFamily is invoked with an empty string. Clearing a
| font family calls RelinquishMagickMemory on _drawInfo->font, freeing
| the font string but leaving _drawInfo->font pointing to freed memory
| while _drawInfo->family is set to that (now-invalid) pointer. Any
| later cleanup or reuse of _drawInfo->font re-frees or dereferences
| dangling memory. DestroyDrawInfo and other setters (Options::font,
| Image::font) assume _drawInfo->font remains valid, so destruction or
| subsequent updates trigger crashes or heap corruption. This
| vulnerability is fixed in 7.1.2-9 and 6.9.13-34.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-65955
https://www.cve.org/CVERecord?id=CVE-2025-65955
[1]
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q3hc-j9x5-mp9m
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:7.1.2.12+dfsg1-1
Done: Bastien Roucariès <[email protected]>
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <[email protected]> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 28 Dec 2025 19:32:37 +0100
Source: imagemagick
Architecture: source
Version: 8:7.1.2.12+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: ImageMagick Packaging Team
<[email protected]>
Changed-By: Bastien Roucariès <[email protected]>
Closes: 1122584 1122827
Changes:
imagemagick (8:7.1.2.12+dfsg1-1) unstable; urgency=medium
.
* New upstream version
* Fix CVE-2025-65955 (Closes: #1122827)
There is a vulnerability in ImageMagick’s Magick++ layer that
manifests when Options::fontFamily is invoked with an empty
string. Clearing a font family calls RelinquishMagickMemory on
_drawInfo->font, freeing the font string but leaving _drawInfo->font
pointing to freed memory while _drawInfo->family is set to that
(now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font
re-frees or dereferences dangling memory. DestroyDrawInfo and other
setters (Options::font, Image::font) assume _drawInfo->font remains
valid, so destruction or subsequent updates trigger crashes or heap
corruption
* Fix CVE-2025-66628 (Closes: #1122584)
The TIM (PSX TIM) image parser contains a critical integer overflow
vulnerability in its ReadTIMImage function (coders/tim.c). The code
reads width and height (16-bit values) from the file header and
calculates image_size = 2 * width * height without checking for
overflow. On 32-bit systems (or where size_t is 32-bit), this
calculation can overflow if width and height are large (e.g., 65535),
wrapping around to a small value. This results in a small heap
allocation via AcquireQuantumMemory and later operations relying on
the dimensions can trigger an out of bounds read.
Checksums-Sha1:
a09322381b5fb80176ecbd179d6ec74b89e4f48a 5202 imagemagick_7.1.2.12+dfsg1-1.dsc
bee52f0778e83b60af245ce15913df09f53adb7d 10528380
imagemagick_7.1.2.12+dfsg1.orig.tar.xz
6d85303213351c4a7cfef3e6ba2d99a80b9e44f3 267584
imagemagick_7.1.2.12+dfsg1-1.debian.tar.xz
761fbfd27d1fd2d4774bd872462a8e7c5b496571 8344
imagemagick_7.1.2.12+dfsg1-1_source.buildinfo
Checksums-Sha256:
5120ceb4dbc42b75e967ffdc9932958578f6729a27c428feaa9604104be3f6d2 5202
imagemagick_7.1.2.12+dfsg1-1.dsc
56a85bcdd0bd00b52f9a0bb51a25a8e16fb0b8742ce53e7984d7db26229fe245 10528380
imagemagick_7.1.2.12+dfsg1.orig.tar.xz
6c9f335dc4e94b9de403f13d4f1149ef79883be8e86468a717b508eb42913a2f 267584
imagemagick_7.1.2.12+dfsg1-1.debian.tar.xz
418c53e15f9ab3bfb1a476a7ad5a160c8baf776f6e094cd459889851e404cd23 8344
imagemagick_7.1.2.12+dfsg1-1_source.buildinfo
Files:
0e171c78a89d65696ba3fc3b42a7656f 5202 graphics optional
imagemagick_7.1.2.12+dfsg1-1.dsc
16b781d79d7aa251115b7ca613f3b76f 10528380 graphics optional
imagemagick_7.1.2.12+dfsg1.orig.tar.xz
356e3359831fab0be11be31b7aa95b6b 267584 graphics optional
imagemagick_7.1.2.12+dfsg1-1.debian.tar.xz
aea9d754b329c9d001b800de7cf0048f 8344 graphics optional
imagemagick_7.1.2.12+dfsg1-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
wsG7BAEBCgBvBYJpUbTcCRAAOhotqkEIX0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmdSC7AyQdT4A6khwK0YZwx3VEZTEoHvE83ZmaSMyNEj
ZhYhBF0Bh7lAokW617D1agA6Gi2qQQhfAADSDQ/+JKL/7rREBuIPg9S2iQaGEiTx
os1sl20BAk0NxMqPlZ1cdgVeCO1TLNN1vq5RVnuVwcaNpEUZVzJ8GGSwOzbLx4YS
GiwuJ/BOB0ZGYQ3LaxiRL5SKfYHUiW46pG65ftk9m+SbUYr5rgNCjQiSCl5lpHYa
wO+A/VFilahOWDmXYdWL5nEwDZktsq9ibb3Nhz/BUQfOJdbEWNcAEsz/D2CdggzL
GQ/6ytgDDzrSo7aB0jH5XWZLbNECANNxvYPIr7flbod2x6euc0q4dc5oudoYlggj
2FDSWY8pavRWb4LoYIMG+a62K1bCKlSEMv8cRGWTHN0glQBuEUZ4kH8nXSfB+S8P
lzXCEqY1Q46TDIxzatYTODmQtk9z5mdWh7LmG0dofyhYnUS4aJPu4tiNxOzusAd5
GjYGyhGK0IbBHon2FNHmh8fRN0B/YzZwYrW3QenVNLxli5PddaxK3FdLK5WMgvpl
OWC2ArtrcoykjjQvpyIoYH+2WCdj0E+Lik3mJkViMGNqUpAQhWu4flz/Hg0QJfu4
AAJ0xKCCWyXIQHS2CKACSHpoEFsUA3F7iEl7TQ8jVwvbV9V1Z0uFopqwxNMofGTh
Pz10I7gCC8XcDgnYFbqmlOBL5qOyHa5Z4OgnecGyB/j6Kq1++CU/mEnQhtTTzv5q
1GPX/mziEJAXKRlYAa4=
=cTeQ
-----END PGP SIGNATURE-----
pgpiuIerjiMUH.pgp
Description: PGP signature
--- End Message ---
