Advisories » MGASA-2025-0141

Updated imagemagick packages fix security vulnerabilities

Publication date: 01 May 2025
Modification date: 01 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-43965 , CVE-2025-46393

Description

In MIFF image processing in ImageMagick before 7.1.1-44, image depth is
mishandled after SetQuantumFormat is used. (CVE-2025-43965)
In multispectral MIFF image processing in ImageMagick before 7.1.1-44,
packet_size is mishandled (related to the rendering of all channels in
an arbitrary order). (CVE-2025-46393)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34225
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGYTGMYA4MY32ZOTCKVGK6FI76RHFHY4/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43965
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46393

SRPMS

9/core

• imagemagick-7.1.1.29-1.1.mga9

9/tainted

• imagemagick-7.1.1.29-1.1.mga9.tainted