ImageMagick: Fix CVE-2025-53101

Backport the fix for CVE-2025-53101 Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774] Add below patch to fix 0002-ImageMagick-Fix-CVE-2025-53101.patch Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in> 2025-12-12 20:29:38 +0530
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2025-12-12 22:06:47 +0100
commit: bbcd2ab724eef6e844ea439a0032df16ac087ae9 (patch)
tree: cf7e1635ae8bc48a92278d0214325798a734f419
parent: 520f64ef3cffc80644bc072c0d505e170cee4a98 (diff)
download: meta-openembedded-bbcd2ab724eef6e844ea439a0032df16ac087ae9.tar.gz
2 files changed, 61 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/imagemagick/files/0002-ImageMagick-Fix-CVE-2025-53101.patch b/meta-oe/recipes-support/imagemagick/files/0002-ImageMagick-Fix-CVE-2025-53101.patch
new file mode 100644
index 0000000000..a00beb78f1
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/files/0002-ImageMagick-Fix-CVE-2025-53101.patch
@@ -0,0 +1,60 @@
+From 3c6a0eea436afbf5de708b6dda7e9dc7e5189399 Mon Sep 17 00:00:00 2001
+From: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
+Date: Wed, 5 Nov 2025 12:54:53 +0530
+Subject: [PATCH 02/18] ImageMagick: Fix CVE-2025-53101
+CVE: CVE-2025-53101
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774]
+Reference: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9
+Comment: Refreshed hunk to match latest kirkstone
+Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
+---
+ MagickCore/image.c | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+diff --git a/MagickCore/image.c b/MagickCore/image.c
+index fe2a1cb5f..346285165 100644
+--- a/MagickCore/image.c
+++ b/MagickCore/image.c
+@@ -1650,7 +1650,6 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
+     *p;
+ 
+   ssize_t
+-    field_width,
+     offset;
+ 
+   canonical=MagickFalse;
+@@ -1664,21 +1663,23 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
+         p++;
+         continue;
+       }
+-    field_width=0;
+-    if (*q == '0')
+-      field_width=(ssize_t) strtol(q,&q,10);
+     switch (*q)
+     {
+       case 'd':
+       case 'o':
+       case 'x':
+       {
+        ssize_t
+          count;
+
+         q++;
+         c=(*q);
+         *q='\0';
+-        (void) FormatLocaleString(filename+(p-format-offset),(size_t)
+        count=FormatLocaleString(filename+(p-format-offset),(size_t)
+           (MagickPathExtent-(p-format-offset)),p,value);
+-        offset+=(4-field_width);
+        if ((count <= 0) || (count > (MagickPathExtent-(p-format-offset))))
+          return(0);
+        offset+=(ssize_t) ((q-p)-count);
+         *q=c;
+         (void) ConcatenateMagickString(filename,q,MagickPathExtent);
+         canonical=MagickTrue;
+-- 
+2.34.1
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
index fa06dd45ca..4337a405a3 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
@@ -27,6 +27,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
    file://CVE-2023-5341.patch \
    file://CVE-2022-28463.patch \
    file://0001-ImageMagick-Fix-CVE-2025-53014.patch \
+    file://0002-ImageMagick-Fix-CVE-2025-53101.patch \
 "
 SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"
author	Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>	2025-12-12 20:29:38 +0530
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2025-12-12 22:06:47 +0100
commit	bbcd2ab724eef6e844ea439a0032df16ac087ae9 (patch)
tree	cf7e1635ae8bc48a92278d0214325798a734f419
parent	520f64ef3cffc80644bc072c0d505e170cee4a98 (diff)
download	meta-openembedded-bbcd2ab724eef6e844ea439a0032df16ac087ae9.tar.gz

diff --git a/meta-oe/recipes-support/imagemagick/files/0002-ImageMagick-Fix-CVE-2025-53101.patch b/meta-oe/recipes-support/imagemagick/files/0002-ImageMagick-Fix-CVE-2025-53101.patch new file mode 100644 index 0000000000..a00beb78f1 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0002-ImageMagick-Fix-CVE-2025-53101.patch
@@ -0,0 +1,60 @@
		1	From 3c6a0eea436afbf5de708b6dda7e9dc7e5189399 Mon Sep 17 00:00:00 2001
		2	From: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
		3	Date: Wed, 5 Nov 2025 12:54:53 +0530
		4	Subject: [PATCH 02/18] ImageMagick: Fix CVE-2025-53101
		5
		6	CVE: CVE-2025-53101
		7	Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774]
		8	Reference: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9
		9
		10	Comment: Refreshed hunk to match latest kirkstone
		11
		12	Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
		13	---
		14	MagickCore/image.c \| 13 +++++++------
		15	1 file changed, 7 insertions(+), 6 deletions(-)
		16
		17	diff --git a/MagickCore/image.c b/MagickCore/image.c
		18	index fe2a1cb5f..346285165 100644
		19	--- a/MagickCore/image.c
		20	+++ b/MagickCore/image.c
		21	@@ -1650,7 +1650,6 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
		22	*p;
		23
		24	ssize_t
		25	- field_width,
		26	offset;
		27
		28	canonical=MagickFalse;
		29	@@ -1664,21 +1663,23 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
		30	p++;
		31	continue;
		32	}
		33	- field_width=0;
		34	- if (*q == '0')
		35	- field_width=(ssize_t) strtol(q,&q,10);
		36	switch (*q)
		37	{
		38	case 'd':
		39	case 'o':
		40	case 'x':
		41	{
		42	+ ssize_t
		43	+ count;
		44	+
		45	q++;
		46	c=(*q);
		47	*q='\0';
		48	- (void) FormatLocaleString(filename+(p-format-offset),(size_t)
		49	+ count=FormatLocaleString(filename+(p-format-offset),(size_t)
		50	(MagickPathExtent-(p-format-offset)),p,value);
		51	- offset+=(4-field_width);
		52	+ if ((count <= 0) \|\| (count > (MagickPathExtent-(p-format-offset))))
		53	+ return(0);
		54	+ offset+=(ssize_t) ((q-p)-count);
		55	*q=c;
		56	(void) ConcatenateMagickString(filename,q,MagickPathExtent);
		57	canonical=MagickTrue;
		58	--
		59	2.34.1
		60


diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index fa06dd45ca..4337a405a3 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
@@ -27,6 +27,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
27	file://CVE-2023-5341.patch \	27	file://CVE-2023-5341.patch \
28	file://CVE-2022-28463.patch \	28	file://CVE-2022-28463.patch \
29	file://0001-ImageMagick-Fix-CVE-2025-53014.patch \	29	file://0001-ImageMagick-Fix-CVE-2025-53014.patch \
		30	file://0002-ImageMagick-Fix-CVE-2025-53101.patch \
30	"	31	"
31		32
32	SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"	33	SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"