-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 30 Dec 2025 17:36:07 +0100
Source: imagemagick
Architecture: source
Version: 8:6.9.11.60+dfsg-1.6+deb12u5
Distribution: bookworm
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1118340 1122584 1122827
Changes:
 imagemagick (8:6.9.11.60+dfsg-1.6+deb12u5) bookworm; urgency=medium
 .
   * Fix CVE-2025-62171 (Closes: #1118340)
     Integer Overflow in BMP Decoder (ReadBMP):
     CVE-2025-57803 claims to be patched, but the fix is incomplete
     and ineffective.
     .
     The patch added BMPOverflowCheck() but placed it
     after the overflow occurs, making it useless.
     A malicious 58-byte BMP file can trigger AddressSanitizer
     crashes and DoS.
   * Fix CVE-2025-65955 (Closes: #1122827)
     A vulnerability was found in ImageMagick’s Magick++ layer that
     manifests when Options::fontFamily is invoked with an empty
     string. Clearing a font family calls RelinquishMagickMemory on
     _drawInfo->font, freeing the font string but leaving _drawInfo->font
     pointing to freed memory while _drawInfo->family is set to that
     (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font
     re-frees or dereferences dangling memory. DestroyDrawInfo and other
     setters (Options::font, Image::font) assume _drawInfo->font remains
     valid, so destruction or subsequent updates trigger crashes or heap
     corruption
   * Fix CVE-2025-66628 (Closes: #1122584)
     The TIM (PSX TIM) image parser contains a critical integer overflow
     vulnerability in its ReadTIMImage function (coders/tim.c). The code
     reads width and height (16-bit values) from the file header and
     calculates image_size = 2 * width * height without checking for
     overflow. On 32-bit systems (or where size_t is 32-bit), this
     calculation can overflow if width and height are large (e.g., 65535),
     wrapping around to a small value
   * Fix CVE-2025-68469
     ImageMagick crashes when processing a crafted TIFF file.
   * Fix CVE-2025-68618:
     Magick's failure to limit the depth of SVG file reads caused
     a DoS attack.
   * Fix CVE-2025-68950:
     Magick's failure to limit MVG mutual references forming a loop
   * Fix CVE-2025-69204:
     Converting a malicious MVG file to SVG caused an integer overflow.
Checksums-Sha1:
 4892c76966cf497f9d9614246f1877c373ef506f 5106 imagemagick_6.9.11.60+dfsg-1.6+deb12u5.dsc
 824a63dce5e54bd8b78077d671d8ab06300a8848 9395144 imagemagick_6.9.11.60+dfsg.orig.tar.xz
 76f738497c6a2355532d9295143c2d40c7f86c71 278516 imagemagick_6.9.11.60+dfsg-1.6+deb12u5.debian.tar.xz
 def8d10587958ceb259a9cfcf024828e29e4467b 8249 imagemagick_6.9.11.60+dfsg-1.6+deb12u5_source.buildinfo
Checksums-Sha256:
 c2f8aa0015d7994d71ba16f36e06462bc058a0c0e93ab6b8bf1c0eafde846429 5106 imagemagick_6.9.11.60+dfsg-1.6+deb12u5.dsc
 472fb516df842ee9c819ed80099c188463b9e961303511c36ae24d0eaa8959c4 9395144 imagemagick_6.9.11.60+dfsg.orig.tar.xz
 15aee54902aae6614974ebf739dd69b494dda4d10b1ce2ce8a20042133070845 278516 imagemagick_6.9.11.60+dfsg-1.6+deb12u5.debian.tar.xz
 0d262edb299bb71e0f566a9cf48fb938ac9aad83240b1141092c0f348c3b1176 8249 imagemagick_6.9.11.60+dfsg-1.6+deb12u5_source.buildinfo
Files:
 0696c47514d8317c773dd19501680c7d 5106 graphics optional imagemagick_6.9.11.60+dfsg-1.6+deb12u5.dsc
 8b8f7b82bd1299cf30aa3c488c46a3cd 9395144 graphics optional imagemagick_6.9.11.60+dfsg.orig.tar.xz
 38d89e5738983c366f3517fd2147bb7a 278516 graphics optional imagemagick_6.9.11.60+dfsg-1.6+deb12u5.debian.tar.xz
 ba98da587ae674b1b539f129ef63e45e 8249 graphics optional imagemagick_6.9.11.60+dfsg-1.6+deb12u5_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmlZBVIACgkQADoaLapB
CF/Pkg/6Anh0tMDLB0J7ILjm7xVDvSZp1KKksstmPsBTZOkgGXrQWWOJsP3UJcxD
YdeZF8D2H7FaetUjHiW3lf9NVzH6I3J9gCdCHOBKIKu0aGMJcJ+aWK4W+bccxMpv
N8jLlWltqADL0riS017udXsZwqOjeCD8cGEd+QIOzeIgNZjW4a8IKTkMIFlGg5iy
5nZdPRf0iP+CDe/3FgUMHClGzznmvFpAmss4mEbWf3MreQ/xRd1nl8OQ9AvvF/8R
tPJauB7ZsOqmWJd2x76jMjEZtFwD6Gst1dyAt+cNmYSyIhRJAWoHX2GvrSLAywQS
gk5FTkiUg0SfUXWmnvBSLplV53nmLnV1OyrIPkK7ke4fYObsso65l67Ye0t1uTfj
M4Tc3N7SxlA5UUxWBgHu0sufXvScihw9q9rV3WnPe7evgl7dsovCgQQFcl1MY168
US7ep/3SET4AzJO7qahW7Yp+yvLbyPxGCXw/sYJYdyjd9NvybxImbCS4KGvg5ov7
hKjHueRUcrpWtPQsC4eWnO1yHHx4wy+H4X9Z0y8ExqNaZpi4PJxXsdCoO0aojn21
iXsMzLWqxOPkkolPBttMy1UvjXHp8gLSbpO8sLeFmzd2ZQhZpTO0OAJowzy7onyt
CKG1dqCbV5Au7+JTPhZ/7+FR1t8UuKqG44kHYptLIq5hhN/Xm/g=
=Wtsy
-----END PGP SIGNATURE-----