imagemagick (8:7.1.2.12+dfsg1-1)
[PTS] [DDPO]
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/debian/imagemagick.git
-
- Branch: debian/lastest
- Path: debian/changelog
- Repo size: 175288320
- Browser: https://salsa.debian.org/debian/imagemagick
- Last scan: 2025-12-30 20:51:02+00
- Next scan: 2026-01-06 02:01:00+00
- Merge requests: 1
- CI pipeline status: failed
- Debian changelog in Git:
imagemagick (8:7.1.2.12+dfsg1-1) unstable; urgency=medium
* New upstream version
* Fix CVE-2025-65955 (Closes: #1122827)
There is a vulnerability in ImageMagick’s Magick++ layer that
manifests when Options::fontFamily is invoked with an empty
string. Clearing a font family calls RelinquishMagickMemory on
_drawInfo->font, freeing the font string but leaving _drawInfo->font
pointing to freed memory while _drawInfo->family is set to that
(now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font
re-frees or dereferences dangling memory. DestroyDrawInfo and other
setters (Options::font, Image::font) assume _drawInfo->font remains
valid, so destruction or subsequent updates trigger crashes or heap
corruption
* Fix CVE-2025-66628 (Closes: #1122584)
The TIM (PSX TIM) image parser contains a critical integer overflow
vulnerability in its ReadTIMImage function (coders/tim.c). The code
reads width and height (16-bit values) from the file header and
calculates image_size = 2 * width * height without checking for
overflow. On 32-bit systems (or where size_t is 32-bit), this
calculation can overflow if width and height are large (e.g., 65535),
wrapping around to a small value. This results in a small heap
allocation via AcquireQuantumMemory and later operations relying on
the dimensions can trigger an out of bounds read.
-- Bastien Roucariès <rouca@debian.org> Sun, 28 Dec 2025 19:32:37 +0100
- This branch is even with tag debian/8%7.1.2.12+dfsg1-1
