Your message dated Tue, 19 Aug 2025 08:35:44 +0000
with message-id <[email protected]>
and subject line Bug#1111104: fixed in imagemagick 8:7.1.2.1+dfsg1-1
has caused the Debian Bug report #1111104,
regarding imagemagick: CVE-2025-55160
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1111104: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111104
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: imagemagick
Version: 8:7.1.1.47+dfsg1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for imagemagick.
CVE-2025-55160[0]:
| ImageMagick is free and open-source software used for editing and
| manipulating digital images. Prior to versions 6.9.13-27 and
| 7.1.2-1, there is undefined behavior (function-type-mismatch) in
| splay tree cloning callback. This results in a deterministic abort
| under UBSan (DoS in sanitizer builds), with no crash in a non-
| sanitized build. This issue has been patched in versions 6.9.13-27
| and 7.1.2-1.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-55160
https://www.cve.org/CVERecord?id=CVE-2025-55160
[1] https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
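The class of defect named in the CVE text above (function-type-mismatch in a cloning callback), shown as an added example that is not part of the original message and is not ImageMagick's code. All names (`clone_fn`, `pair_t`, `dup_string`, `clone_string`, `clone_pair`) are hypothetical; the "before" form is shown but never called.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical generic container API: members are cloned through clone_fn. */
typedef void *(*clone_fn)(void *);
typedef struct { void *key; void *value; } pair_t;

/* Typed helper a string-keyed container would already have. */
char *dup_string(const char *s)
{
    char *copy = malloc(strlen(s) + 1);
    return copy != NULL ? strcpy(copy, s) : NULL;
}

/* Before: the cast compiles, but calling through it is undefined behavior
   (char *(const char *) vs void *(void *)); UBSan flags the indirect call. */
clone_fn mismatched_callback(void) { return (clone_fn) dup_string; }

/* After: a wrapper whose type is exactly clone_fn; the conversion is done
   inside it on data pointers, where it is well defined. */
void *clone_string(void *s) { return dup_string((const char *) s); }

/* Clone both members through the callbacks; 0 on success, -1 on failure. */
int clone_pair(const pair_t *src, pair_t *dst, clone_fn ck, clone_fn cv)
{
    dst->key = ck(src->key);
    dst->value = cv(src->value);
    if (dst->key != NULL && dst->value != NULL)
        return 0;
    free(dst->key);
    free(dst->value);
    dst->key = dst->value = NULL;
    return -1;
}

/* Constructed sample input, cloned with the correctly typed wrapper only. */
int demo_clone_ok(void)
{
    char k[] = "format", v[] = "png";
    pair_t src = { k, v }, dst = { NULL, NULL };
    if (clone_pair(&src, &dst, clone_string, clone_string) != 0)
        return 0;
    int ok = dst.key != (void *) k && strcmp(dst.key, "format") == 0
          && strcmp(dst.value, "png") == 0;
    free(dst.key);
    free(dst.value);
    return ok;
}

int main(void) { return demo_clone_ok() ? 0 : 1; }
```

Building with clang and `-fsanitize=function` and passing `mismatched_callback()` to `clone_pair` instead of `clone_string` makes the sanitizer report the mismatch at the indirect call, while an unsanitized build typically runs without a visible fault.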
--- Begin Message ---
Source: imagemagick
Source-Version: 8:7.1.2.1+dfsg1-1
Done: Bastien Roucariès <[email protected]>
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <[email protected]> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 17 Aug 2025 18:54:36 +0200
Source: imagemagick
Architecture: source
Version: 8:7.1.2.1+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: ImageMagick Packaging Team <[email protected]>
Changed-By: Bastien Roucariès <[email protected]>
Closes: 1111101 1111102 1111103 1111104
Changes:
 imagemagick (8:7.1.2.1+dfsg1-1) unstable; urgency=medium
 .
   * New upstream version
   * Fix CVE-2025-55004:
     ImageMagick is vulnerable to heap-buffer overflow read
     around the handling of images with separate alpha channels
     when performing image magnification in ReadOneMNGIMage.
     (Closes: #1111101)
   * Fix CVE-2025-55005:
     When preparing to transform from Log to sRGB colorspaces,
     the logmap construction fails to handle cases where the
     reference-black or reference-white value is larger than 1024.
     This leads to corrupting memory beyond the end of the allocated
     logmap buffer.
     (Closes: #1111102)
   * Fix CVE-2025-55154:
     The magnified size calculations in ReadOneMNGIMage
     (in coders/png.c) are unsafe and can overflow, leading to
     memory corruption.
     (Closes: #1111103)
   * Fix CVE-2025-55160:
     There is undefined behavior (function-type-mismatch) in
     splay tree cloning callback. This results in a deterministic
     abort under UBSan (DoS in sanitizer builds),
     with no crash in a non-sanitized build
     (Closes: #1111104)
   * Conflicts with graphicsmagick-libmagick-dev-compat
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---