Version in base suite: 7.1.1.43+dfsg1-1+deb13u1 Version in overlay suite: 7.1.1.43+dfsg1-1+deb13u2 Base version: imagemagick_7.1.1.43+dfsg1-1+deb13u2 Target version: imagemagick_7.1.1.43+dfsg1-1+deb13u3 Base file: /srv/ftp-master.debian.org/ftp/pool/main/i/imagemagick/imagemagick_7.1.1.43+dfsg1-1+deb13u2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/i/imagemagick/imagemagick_7.1.1.43+dfsg1-1+deb13u3.dsc changelog | 14 ++++++++++++++ patches/CVE-2025-62171.patch | 25 +++++++++++++++++++++++++ patches/series | 1 + salsa-ci.yml | 3 ++- 4 files changed, 42 insertions(+), 1 deletion(-) diff -Nru imagemagick-7.1.1.43+dfsg1/debian/changelog imagemagick-7.1.1.43+dfsg1/debian/changelog --- imagemagick-7.1.1.43+dfsg1/debian/changelog 2025-09-06 22:31:52.000000000 +0000 +++ imagemagick-7.1.1.43+dfsg1/debian/changelog 2025-10-19 08:37:32.000000000 +0000 @@ -1,3 +1,17 @@ +imagemagick (8:7.1.1.43+dfsg1-1+deb13u3) trixie; urgency=high + + * Fix CVE-2025-62171 (Closes: #1118340) + Integer Overflow in BMP Decoder (ReadBMP): + CVE-2025-57803 claims to be patched, but the fix is incomplete + and ineffective. + . + The patch added BMPOverflowCheck() but placed it + after the overflow occurs, making it useless. + A malicious 58-byte BMP file can trigger AddressSanitizer + crashes and DoS. + + -- Bastien Roucariès Sun, 19 Oct 2025 10:37:32 +0200 + imagemagick (8:7.1.1.43+dfsg1-1+deb13u2) trixie-security; urgency=high * Fix CVE-2025-55004: diff -Nru imagemagick-7.1.1.43+dfsg1/debian/patches/CVE-2025-62171.patch imagemagick-7.1.1.43+dfsg1/debian/patches/CVE-2025-62171.patch --- imagemagick-7.1.1.43+dfsg1/debian/patches/CVE-2025-62171.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-7.1.1.43+dfsg1/debian/patches/CVE-2025-62171.patch 2025-10-19 08:37:32.000000000 +0000 @@ -0,0 +1,25 @@ +From: Dirk Lemstra +Date: Sun, 12 Oct 2025 20:43:14 +0200 +Subject: Added extra check to resolve issue on 32-bit systems + (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm) + +origin: https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00 +bug: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm +bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118340 +--- + coders/bmp.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/coders/bmp.c b/coders/bmp.c +index 8f318e2..6f1b77d 100644 +--- a/coders/bmp.c ++++ b/coders/bmp.c +@@ -1115,6 +1115,8 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + if (bmp_info.compression == BI_RLE4) + bmp_info.bits_per_pixel<<=1; ++ if (BMPOverflowCheck(image->columns,bmp_info.bits_per_pixel) != MagickFalse) ++ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); + extent=image->columns*bmp_info.bits_per_pixel; + bytes_per_line=4*((extent+31)/32); + if (BMPOverflowCheck(bytes_per_line,image->rows) != MagickFalse) diff -Nru imagemagick-7.1.1.43+dfsg1/debian/patches/series imagemagick-7.1.1.43+dfsg1/debian/patches/series --- imagemagick-7.1.1.43+dfsg1/debian/patches/series 2025-09-06 22:31:52.000000000 +0000 +++ imagemagick-7.1.1.43+dfsg1/debian/patches/series 2025-10-19 08:37:32.000000000 +0000 @@ -52,3 +52,4 @@ CVE-2025-55298-2.patch CVE-2025-57803.patch CVE-2025-57807.patch +CVE-2025-62171.patch diff -Nru imagemagick-7.1.1.43+dfsg1/debian/salsa-ci.yml imagemagick-7.1.1.43+dfsg1/debian/salsa-ci.yml --- imagemagick-7.1.1.43+dfsg1/debian/salsa-ci.yml 2025-09-06 22:31:52.000000000 +0000 +++ imagemagick-7.1.1.43+dfsg1/debian/salsa-ci.yml 2025-10-19 08:37:32.000000000 +0000 @@ -1,8 +1,9 @@ --- include: - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml - - local: '/debian/rdeps-ci.yml' +# - local: '/debian/rdeps-ci.yml' variables: + RELEASE: 'trixie' SALSA_CI_ENABLE_REVERSE_DEPENDENCY_BUILD: 0 SALSA_CI_DISABLE_APTLY: 0