File _patchinfo of Package patchinfo.40310

<patchinfo incident="40310">
  <issue tracker="bnc" id="1248076">VUL-0: CVE-2025-55004: ImageMagick: heap buffer over-read in ReadOneMNGImage when processing images with separate alpha channels</issue>
  <issue tracker="bnc" id="1248077">VUL-0: CVE-2025-55005: ImageMagick: heap buffer overflow when transforming from Log to sRGB colorspaces</issue>
  <issue tracker="bnc" id="1248078">VUL-0: CVE-2025-55154: ImageMagick: integer overflow when performing magnified size calculations in ReadOneMNGImage can lead to out-of-bounds write</issue>
  <issue tracker="bnc" id="1248079">VUL-0: CVE-2025-55160: ImageMagick: undefined behavior due to function-type-mismatch in CloneSplayTree</issue>
  <issue tracker="bnc" id="1248767">VUL-0: CVE-2025-55212: ImageMagick: division-by-zero in ThumbnailImage() when passing a geometry string containing only a colon to `montage -geometry`</issue>
  <issue tracker="bnc" id="1248780">VUL-0: CVE-2025-55298: ImageMagick: format string bug vulnerability can lead to heap overflow</issue>
  <issue tracker="bnc" id="1248784">VUL-0: CVE-2025-57803: ImageMagick: 32-bit integer overflow can lead to heap out-of-bounds (OOB) write</issue>
  <issue tracker="cve" id="2025-55004"/>
  <issue tracker="cve" id="2025-55005"/>
  <issue tracker="cve" id="2025-55154"/>
  <issue tracker="cve" id="2025-55160"/>
  <issue tracker="cve" id="2025-55212"/>
  <issue tracker="cve" id="2025-55298"/>
  <issue tracker="cve" id="2025-57803"/>
  <packager>pgajdos</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for ImageMagick</summary>
  <description>This update for ImageMagick fixes the following issues:

- CVE-2025-55004: Fixed heap buffer over-read in ReadOneMNGImage when processing images with separate alpha channels
  (bsc#1248076).
- CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077).
- CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGImage (bsc#1248078).
- CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079).
- CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing only a colon to
  `montage -geometry` (bsc#1248767).
- CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780).
- CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784). 
</description>
</patchinfo>