CVE-2025-53015

Name	CVE-2025-53015
Description	ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	1109339

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
imagemagick (PTS)	bullseye	8:6.9.11.60+dfsg-1.3+deb11u4	fixed
	bullseye (security)	8:6.9.11.60+dfsg-1.3+deb11u5	fixed
	bookworm	8:6.9.11.60+dfsg-1.6+deb12u3	fixed
	bookworm (security)	8:6.9.11.60+dfsg-1.6+deb12u1	fixed
	trixie	8:7.1.1.43+dfsg1-1	vulnerable
	sid	8:7.1.1.47+dfsg1-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Debian Bugs
imagemagick	source	bullseye	(not affected)
imagemagick	source	bookworm	(not affected)
imagemagick	source	trixie	8:7.1.1.43+dfsg1-1+deb13u1
imagemagick	source	(unstable)	8:7.1.1.47+dfsg1-2	1109339

Notes

[bookworm] - imagemagick <not-affected> (Vulnerable code introduced later)
[bullseye] - imagemagick <not-affected> (Vulnerable code introduced later)
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g
Fixed by: https://github.com/ImageMagick/ImageMagick/commit/229fa96a988a21d78318bbca61245a6ed1ee33a0 (7.1.2-0)
Fixed by: https://github.com/ImageMagick/ImageMagick/commit/38631605e6ab744548a561797472cf8648bcfe26 (7.1.2-0)
Introduced by: https://github.com/ImageMagick/ImageMagick/commit/fc4f67bb1b8eb1b61ae70e401482844086949721 (7.1.1-7)