Fedora has issued an advisory on April 25:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGYTGMYA4MY32ZOTCKVGK6FI76RHFHY4/

Upstream fixes:
CVE-2025-43965: https://github.com/ImageMagick/ImageMagick/commit/bac413a26073923d3ffb258adaab07fb3fe8fdc9
CVE-2025-46393: https://github.com/ImageMagick/ImageMagick/commit/81ac8a0d2eb21739842ed18c48c7646b7eef65b8

Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2025-43965, CVE-2025-46393
Source RPM: (none) => imagemagick
Status comment: (none) => Fixed upstream in 7.1.1.44 and patches available from upstream
Thank you for the upstream patches URLs. Unable to see (system problem) who habitually does imagemagick, assigning this globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used. (CVE-2025-43965)

In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order). (CVE-2025-46393)

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGYTGMYA4MY32ZOTCKVGK6FI76RHFHY4/
========================

Updated packages in core/updates_testing:
========================
imagemagick-7.1.1.29-1.1.mga9
imagemagick-desktop-7.1.1.29-1.1.mga9
imagemagick-doc-7.1.1.29-1.1.mga9
lib(64)magick++-7Q16HDRI_5-7.1.1.29-1.1.mga9
lib(64)magick-7Q16HDRI_10-7.1.1.29-1.1.mga9
lib(64)magick-devel-7.1.1.29-1.1.mga9
perl-Image-Magick-7.1.1.29-1.1.mga9

from SRPM:
imagemagick-7.1.1.29-1.1.mga9.src.rpm

Updated packages in tainted/updates_testing:
========================
imagemagick-7.1.1.29-1.1.mga9.tainted
imagemagick-desktop-7.1.1.29-1.1.mga9.tainted
imagemagick-doc-7.1.1.29-1.1.mga9.tainted
lib(64)magick++-7Q16HDRI_5-7.1.1.29-1.1.mga9.tainted
lib(64)magick-7Q16HDRI_10-7.1.1.29-1.1.mga9.tainted
lib(64)magick-devel-7.1.1.29-1.1.mga9.tainted
perl-Image-Magick-7.1.1.29-1.1.mga9.tainted

from SRPM:
imagemagick-7.1.1.29-1.1.mga9.tainted.src.rpm

Assignee: pkg-bugs => qa-bugs
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Status comment: Fixed upstream in 7.1.1.44 and patches available from upstream => (none)
Status: NEW => ASSIGNED
Keywords: (none) => advisory
MGA9-64 Plasma, i5-7500, nvidia Quadro K620 graphics, using nvidia-current. Tested core packages first. ImageMagick is a powerful program, with a lot of commands. Testing all would take more experience than I have, but I did try a few basic commands. MIFF is IM's native format, so I converted a jpg to MIFF, and displayed it with IM. Then I ran the GUI and loaded the MIFF image, after which I played with the various effects, enhancements, and manipulations, saving the resulting mess as yet another MIFF image. And then I used the command line to display the mess once again. Then I installed the tainted version. I tested as above on a different image, with no issues. This should be good enough.
CC: (none) => andrewsfarm
Whiteboard: (none) => MGA9-64-OK
Validating.
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0141.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED