Package: graphicsmagick / 1.4+really1.3.40-4+deb12u1

CVE-2025-32460.patch Patch series | download
Description: ReadJXLImage(): pixel_format.num_channels needs to be 2 for grayscale matte
Origin: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025-32460
Forwarded: not-needed
Author: Bob Friesenhahn <bfriesen@GraphicsMagick.org>

--- a/coders/jxl.c
+++ b/coders/jxl.c
@@ -600,7 +600,7 @@ static Image *ReadJXLImage(const ImageIn
                       ThrowJXLReaderException(ResourceLimitError,MemoryAllocationFailed,image);
                   }
                 grayscale=MagickTrue;
-                pixel_format.num_channels=1;
+                pixel_format.num_channels=image->matte ? 2 : 1;
                 pixel_format.data_type=(basic_info.bits_per_sample <= 8 ? JXL_TYPE_UINT8 :
                                   (basic_info.bits_per_sample <= 16 ? JXL_TYPE_UINT16 :
                                    JXL_TYPE_FLOAT));
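Review bot: The new `pixel_format.num_channels=image->matte ? 2 : 1;` line has no comment explaining why the count depends on matte, and nothing in the hunk ties it to the code that later consumes the decoded buffer. The decoder sizes and fills its output from pixel_format, so a channel count that disagrees with the samples per pixel the importer reads leaves the buffer and its reader out of step, which is presumably the memory-safety issue tracked as CVE-2025-32460. I would add `/* gray+alpha: 2 samples per pixel; must match how out_buf is imported below */` above the assignment. The fix also assumes image->matte is already final at this point; where it is set, and the rest of ReadJXLImage, are outside the hunk.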
@@ -765,10 +765,32 @@ static Image *ReadJXLImage(const ImageIn
             size_t
               out_len;
 
+            if (image->logging)
+              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+                                    "JxlPixelFormat:\n"
+                                    "    num_channels: %u\n"
+                                    "    data_type: %s\n"
+                                    "    endianness: %s\n"
+                                    "    align: %" MAGICK_SIZE_T_F "u",
+                                    pixel_format.num_channels,
+                                    pixel_format.data_type == JXL_TYPE_FLOAT ? "float" :
+                                    (pixel_format.data_type == JXL_TYPE_UINT8 ? "uint8" :
+                                     (pixel_format.data_type == JXL_TYPE_UINT16 ? "uint16" :
+                                      (pixel_format.data_type == JXL_TYPE_FLOAT16 ? "float16" :
+                                       "unknown"))) ,
+                                    pixel_format.endianness == JXL_NATIVE_ENDIAN ? "native" :
+                                    (pixel_format.endianness == JXL_LITTLE_ENDIAN ? "little" :
+                                     (pixel_format.endianness == JXL_BIG_ENDIAN ? "big" : "unknown")),
+                                    pixel_format.align);
+
             status=JxlDecoderImageOutBufferSize(jxl_decoder,&pixel_format,&out_len);
             if (status != JXL_DEC_SUCCESS)
               break;
 
+            if (image->logging)
+              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+                                    "JxlDecoderImageOutBufferSize() returns %" MAGICK_SIZE_T_F "u",
+                                    (MAGICK_SIZE_T) out_len);
             out_buf=MagickAllocateResourceLimitedArray(unsigned char *,out_len,sizeof(*out_buf));
             if (out_buf == (unsigned char *) NULL)
               ThrowJXLReaderException(ResourceLimitError,MemoryAllocationFailed,image);
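Review bot: In the added JxlPixelFormat log call, `pixel_format.align` is passed to a `%" MAGICK_SIZE_T_F "u"` conversion without a cast, while the second log call in this hunk casts `out_len` to `(MAGICK_SIZE_T)`. If MAGICK_SIZE_T is not the same width as size_t on some target, the varargs read is mismatched, which is undefined behaviour in a path that runs on untrusted input files whenever logging is enabled. Passing `(MAGICK_SIZE_T) pixel_format.align);` would match the other call. An `(unsigned int)` cast on `pixel_format.num_channels` would likewise make the `%u` pairing explicit. ReadJXLImage starts and ends outside the hunk.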