Your message dated Sat, 03 Jan 2026 16:17:05 +0000
with message-id <[email protected]>
and subject line Bug#1122584: fixed in imagemagick 8:7.1.1.43+dfsg1-1+deb13u4
has caused the Debian Bug report #1122584,
regarding imagemagick: CVE-2025-66628
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1122584: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122584
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: imagemagick
Version: 8:7.1.2.8+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for imagemagick.
CVE-2025-66628[0]:
| ImageMagick is a software suite to create, edit, compose, or convert
| bitmap images. In versions 7.1.2-9 and prior, the TIM (PSX TIM)
| image parser contains a critical integer overflow vulnerability in
| its ReadTIMImage function (coders/tim.c). The code reads width and
| height (16-bit values) from the file header and calculates
| image_size = 2 * width * height without checking for overflow. On
| 32-bit systems (or where size_t is 32-bit), this calculation can
| overflow if width and height are large (e.g., 65535), wrapping
| around to a small value. This results in a small heap allocation via
| AcquireQuantumMemory and later operations relying on the dimensions
| can trigger an out of bounds read. This issue is fixed in version
| 7.1.2-10.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-66628
https://www.cve.org/CVERecord?id=CVE-2025-66628
[1]
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hjr-v6g4-3fm8
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:7.1.1.43+dfsg1-1+deb13u4
Done: Bastien Roucariès <[email protected]>
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <[email protected]> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 29 Dec 2025 00:33:04 +0100
Source: imagemagick
Architecture: source
Version: 8:7.1.1.43+dfsg1-1+deb13u4
Distribution: trixie
Urgency: high
Maintainer: ImageMagick Packaging Team
<[email protected]>
Changed-By: Bastien Roucariès <[email protected]>
Closes: 1119296 1122584 1122827
Changes:
imagemagick (8:7.1.1.43+dfsg1-1+deb13u4) trixie; urgency=high
.
* Fix CVE-2025-62594 (Closes: #1119296)
Imagemagick is vulnerable to denial-of-service due to unsigned integer
underflow and division-by-zero in the CLAHEImage function. When tile
width or height is zero, unsigned underflow occurs in pointer
arithmetic, leading to out-of-bounds memory access, and
division-by-zero causes immediate crashes.
* Fix CVE-2025-65955 (Closes: #1122827)
There is a vulnerability in ImageMagick’s Magick++ layer that
manifests when Options::fontFamily is invoked with an empty
string. Clearing a font family calls RelinquishMagickMemory on
_drawInfo->font, freeing the font string but leaving _drawInfo->font
pointing to freed memory while _drawInfo->family is set to that
(now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font
re-frees or dereferences dangling memory. DestroyDrawInfo and other
setters (Options::font, Image::font) assume _drawInfo->font remains
valid, so destruction or subsequent updates trigger crashes or heap
corruption.
* Fix CVE-2025-66628 (Closes: #1122584)
The TIM (PSX TIM) image parser contains a critical integer overflow
vulnerability in its ReadTIMImage function (coders/tim.c). The code
reads width and height (16-bit values) from the file header and
calculates image_size = 2 * width * height without checking for
overflow. On 32-bit systems (or where size_t is 32-bit), this
calculation can overflow if width and height are large (e.g., 65535),
wrapping around to a small value.
* Fix CVE-2025-68618:
Magick's failure to limit the depth of SVG file reads caused
a DoS attack.
* Do not allow vid for vector graphics
* Fix CVE-2025-68950:
Magick's failure to limit MVG mutual references forming a loop
* Fix CVE-2025-69204:
Converting a malicious MVG file to SVG caused an integer overflow.
Checksums-Sha1:
1a140b665fbc9edc6e00bf33f884e4aedf2cd997 5136
imagemagick_7.1.1.43+dfsg1-1+deb13u4.dsc
103af0af388a733c043845b228cf3031c16d859b 10501740
imagemagick_7.1.1.43+dfsg1.orig.tar.xz
b3eb17ff9d26843ad463a8ce8179e79723a6f874 288996
imagemagick_7.1.1.43+dfsg1-1+deb13u4.debian.tar.xz
33d8c99351aaf649b1f77c640f49ca7439404542 8270
imagemagick_7.1.1.43+dfsg1-1+deb13u4_source.buildinfo
Checksums-Sha256:
9913957b585bd2e91968912b41a74b52d496c332f1342be670de2afd91d5c091 5136
imagemagick_7.1.1.43+dfsg1-1+deb13u4.dsc
bcb4f3c78a930a608fa4889f889edbcb384974246ad9407fce1858f2c0607bfe 10501740
imagemagick_7.1.1.43+dfsg1.orig.tar.xz
52a6658222229e073106de16919e39e84ee0b441b11ea1ee557e7775ba40c97d 288996
imagemagick_7.1.1.43+dfsg1-1+deb13u4.debian.tar.xz
4d32c1bb791c0ae3ddb157f0304c0b75f8cfc2282f46a9ca50d8a9727492886e 8270
imagemagick_7.1.1.43+dfsg1-1+deb13u4_source.buildinfo
Files:
92be380e1be6a428dceee7880bd378c3 5136 graphics optional
imagemagick_7.1.1.43+dfsg1-1+deb13u4.dsc
01cfb13a7c1813afb50790e431358c6c 10501740 graphics optional
imagemagick_7.1.1.43+dfsg1.orig.tar.xz
790670e5bec04c4d38f525e47952892e 288996 graphics optional
imagemagick_7.1.1.43+dfsg1-1+deb13u4.debian.tar.xz
4ef673b9e5eae2de82bb6712d41a1082 8270 graphics optional
imagemagick_7.1.1.43+dfsg1-1+deb13u4_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmlZBTAACgkQADoaLapB
CF8uQhAAmmzUlGmi1hj41f24fbqQugEl4XSlxvHKBi4eiFZF11Xnw0eTwpe65kuS
z6HHqMeRqPybiVrhJE3MakxVuCM7yx4VffhkSc+9EyfbWBPrgx2AXJVAXMrePI8F
+7Hu8bMKLuMsF6yz+tsLd18s8S3t28U8aEzD9FfMG/U6kMwTkj89D5H+9z0pXtlK
dS07EL+lF4KMOFJOf0jX3cirg1yOCmQVasLF0EWnDrkPoT7jcxJVVrAZL4eyY3Nt
SU4stSGtIGWFQizIzlrtMDEDl943vjgYefDZabC4snLFyHj/AZma+5hm9FxLcxi/
mCAqLQE3yKYl3CJbYewf6NaGw40Xmb3Ee9khNJ3Yw3E+VROIy6CufJakPcX7x7fz
LE5jGkb7havCx2n/5wplkr0cjaC18VmvSKmA201TMKqyLIOCGxi9QV2Qev1sVCQM
o5vy6/WM3POAQygYoISLBwXV6HBjUTfQRQ6++l0NuQR9zxpLPrlJW5yZN7HeZAx5
tcE01GrJf4AAsqn8fgIZi9vJmxiJnDW9v6L//ikz3bwuQNkJUFt5klK+52eBW1Gd
TOl7vaGLHHE1/htFmp4nnGUPqElLxdF4tksQtwn0MzxT6DYAsK8VdlFGH27yH9ls
NfttB2mBv207xRTBQfUZXFr+bCS0os3x4in9OtcFsKm8pboeITU=
=kLf2
-----END PGP SIGNATURE-----
pgp6Qyy7y674e.pgp
Description: PGP signature
--- End Message ---
