imagemagick: Fix CVE vulnerablities

Fix following CVEs for imagemagick: CVE-2021-20311, CVE-2021-20312, CVE-2021-20313 CVE-2021-20309, CVE-2021-20310, CVE-2021-3610 CVE-2022-0284, CVE-2022-2719 fix-cipher-leak.patch fixes CVE-2021-20311, CVE-2021-20312, CVE-2021-20313 Ignore following CVES as current version is not affected by them: CVE-2014-9826, CVE-2016-7538, CVE-2017-5506 Signed-off-by: Sana Kazi <sanakazi720@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Sana Kazi <sanakazi720@gmail.com> 2025-05-12 14:02:11 +0530
committer: Armin Kuster <akuster808@gmail.com> 2025-07-02 20:29:29 -0400
commit: 9063cb0d9f781cbe226a5ef5853005a733595978 (patch)
tree: 5cd2620bc06f744586e873856fad1e4e11a5050d /meta-oe
parent: de4550a2b7a64ee70698b708e95a15eb47eff1a3 (diff)
download: meta-openembedded-9063cb0d9f781cbe226a5ef5853005a733595978.tar.gz
7 files changed, 448 insertions, 1 deletions
diff --git a/meta-oe/recipes-support/imagemagick/files/CVE-2021-20309.patch b/meta-oe/recipes-support/imagemagick/files/CVE-2021-20309.patch
new file mode 100644
index 0000000000..c5e9b71454
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/files/CVE-2021-20309.patch
@@ -0,0 +1,25 @@
+From 94174beff065cb5683d09d79e992c3ebbdead311 Mon Sep 17 00:00:00 2001
+From: Cristy <mikayla-grace@urban-warrior.org>
+Date: Thu, 25 Feb 2021 19:34:39 -0500
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/3296
+CVE: CVE-2021-20309
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311.patch]
+Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
+---
+ MagickCore/visual-effects.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/MagickCore/visual-effects.c b/MagickCore/visual-effects.c
+index 789660231b9..60a227951f9 100644
+--- a/MagickCore/visual-effects.c
+++ b/MagickCore/visual-effects.c
+@@ -3360,7 +3360,7 @@ MagickExport Image *WaveImage(const Image *image,const double amplitude,
+     }
+   for (i=0; i < (ssize_t) wave_image->columns; i++)
+     sine_map[i]=(float) fabs(amplitude)+amplitude*sin((double)
+-      ((2.0*MagickPI*i)/wave_length));
+      ((2.0*MagickPI*i)*PerceptibleReciprocal(wave_length)));
+   /*
+     Wave image.
+   */
diff --git a/meta-oe/recipes-support/imagemagick/files/CVE-2021-20310.patch b/meta-oe/recipes-support/imagemagick/files/CVE-2021-20310.patch
new file mode 100644
index 0000000000..f6ac425886
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/files/CVE-2021-20310.patch
@@ -0,0 +1,31 @@
+From 75f6f5032690077cae3eaeda3c0165cc765eaeb5 Mon Sep 17 00:00:00 2001
+From: Cristy <mikayla-grace@urban-warrior.org>
+Date: Thu, 25 Feb 2021 19:31:37 -0500
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/3295
+CVE: CVE-2021-20310
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/75f6f5032690077cae3eaeda3c0165cc765eaeb5.patch]
+Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
+---
+ MagickCore/colorspace.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c
+index e3b7df339f6..9c5ea11e300 100644
+--- a/MagickCore/colorspace.c
+++ b/MagickCore/colorspace.c
+@@ -329,11 +329,11 @@ static void inline ConvertXYZToJzazbz(const double X,const double Y,
+   L=0.41478972*Xp+0.579999*Yp+0.0146480*Zp;
+   M=(-0.2015100)*Xp+1.120649*Yp+0.0531008*Zp;
+   S=(-0.0166008)*Xp+0.264800*Yp+0.6684799*Zp;
+-  gamma=pow(L/white_luminance,Jzazbz_n);
+  gamma=pow(L*PerceptibleReciprocal(white_luminance),Jzazbz_n);
+   Lp=pow((Jzazbz_c1+Jzazbz_c2*gamma)/(1.0+Jzazbz_c3*gamma),Jzazbz_p);
+-  gamma=pow(M/white_luminance,Jzazbz_n);
+  gamma=pow(M*PerceptibleReciprocal(white_luminance),Jzazbz_n);
+   Mp=pow((Jzazbz_c1+Jzazbz_c2*gamma)/(1.0+Jzazbz_c3*gamma),Jzazbz_p);
+-  gamma=pow(S/white_luminance,Jzazbz_n);
+  gamma=pow(S*PerceptibleReciprocal(white_luminance),Jzazbz_n);
+   Sp=pow((Jzazbz_c1+Jzazbz_c2*gamma)/(1.0+Jzazbz_c3*gamma),Jzazbz_p);
+   Iz=0.5*Lp+0.5*Mp;
+   *az=3.52400*Lp-4.066708*Mp+0.542708*Sp+0.5;
diff --git a/meta-oe/recipes-support/imagemagick/files/CVE-2021-3610.patch b/meta-oe/recipes-support/imagemagick/files/CVE-2021-3610.patch
new file mode 100644
index 0000000000..ab42d506db
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/files/CVE-2021-3610.patch
@@ -0,0 +1,26 @@
+From 930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3 Mon Sep 17 00:00:00 2001
+From: Cristy <mikayla-grace@urban-warrior.org>
+Date: Thu, 27 May 2021 10:30:17 -0400
+Subject: [PATCH] eliminate heap buffer overflow vulnerability, thanks to
+ ZhangJiaxing (@r0fm1a) from Codesafe Team of Legendsec at Qi'anxin Group
+CVE: CVE-2021-3610
+Upstream-Status: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3.patch]
+Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
+---
+ coders/tiff.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/coders/tiff.c b/coders/tiff.c
+index 277b9788be5..b88ce368ba5 100644
+--- a/coders/tiff.c
+++ b/coders/tiff.c
+@@ -1894,7 +1894,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
+         /*
+           Convert stripped TIFF image.
+         */
+-        extent=2*TIFFStripSize(tiff);
+        extent=4*TIFFStripSize(tiff);
+ #if defined(TIFF_VERSION_BIG)
+         extent+=image->columns*sizeof(uint64);
+ #else
diff --git a/meta-oe/recipes-support/imagemagick/files/CVE-2022-0284.patch b/meta-oe/recipes-support/imagemagick/files/CVE-2022-0284.patch
new file mode 100644
index 0000000000..2d1c0d7c8e
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/files/CVE-2022-0284.patch
@@ -0,0 +1,34 @@
+From e50f19fd73c792ebe912df8ab83aa51a243a3da7 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Wed, 19 Jan 2022 16:26:12 -0500
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/4729
+CVE: CVE-2022-0284
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/e50f19fd73c792ebe912df8ab83aa51a243a3da7.patch]
+Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
+---
+ coders/xpm.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/coders/xpm.c b/coders/xpm.c
+index 782ed732544..5f73df8bca4 100644
+--- a/coders/xpm.c
+++ b/coders/xpm.c
+@@ -773,7 +773,7 @@ static MagickBooleanType WritePICONImage(const ImageInfo *image_info,
+               break;
+             for (x=0; x < (ssize_t) picon->columns; x++)
+             {
+-              if (GetPixelAlpha(image,q) == (Quantum) TransparentAlpha)
+              if (GetPixelAlpha(picon,q) == (Quantum) TransparentAlpha)
+                 transparent=MagickTrue;
+               else
+                 SetPixelAlpha(picon,OpaqueAlpha,q);
+@@ -804,7 +804,7 @@ static MagickBooleanType WritePICONImage(const ImageInfo *image_info,
+           break;
+         for (x=0; x < (ssize_t) picon->columns; x++)
+         {
+-          if (GetPixelAlpha(image,q) == (Quantum) TransparentAlpha)
+          if (GetPixelAlpha(picon,q) == (Quantum) TransparentAlpha)
+             SetPixelIndex(picon,(Quantum) picon->colors,q);
+           q+=GetPixelChannels(picon);
+         }
diff --git a/meta-oe/recipes-support/imagemagick/files/CVE-2022-2719.patch b/meta-oe/recipes-support/imagemagick/files/CVE-2022-2719.patch
new file mode 100644
index 0000000000..c17eba9afa
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/files/CVE-2022-2719.patch
@@ -0,0 +1,136 @@
+From 716496e6df0add89e9679d6da9c0afca814cfe49 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Sun, 3 Apr 2022 14:35:29 -0400
+Subject: [PATCH] do not attempt to write a null image list (thanks to Vinay
+ Rohila)
+CVE: CVE-2022-2719
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/716496e6df0add89e9679d6da9c0afca814cfe49.patch]
+Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
+---
+ MagickWand/operation.c |  3 ++-
+ coders/tim2.c          | 30 ++++++++++++++----------------
+ 2 files changed, 16 insertions(+), 17 deletions(-)
+diff --git a/MagickWand/operation.c b/MagickWand/operation.c
+index 383dc7c8098..95596035367 100644
+--- a/MagickWand/operation.c
+++ b/MagickWand/operation.c
+@@ -4893,7 +4893,8 @@ WandPrivate void CLINoImageOperator(Magi
+       if (IfPlusOp)
+         write_images=CloneImageList(_images,_exception);
+       write_info=CloneImageInfo(_image_info);
+-      (void) WriteImages(write_info,write_images,arg1,_exception);
+      if (write_images != (Image *) NULL)
+        (void) WriteImages(write_info,write_images,arg1,_exception);      
+       write_info=DestroyImageInfo(write_info);
+       if (IfPlusOp)
+         write_images=DestroyImageList(write_images);
+diff --git a/coders/tim2.c b/coders/tim2.c
+index e55170d8205..110542e45ba 100644
+--- a/coders/tim2.c
+++ b/coders/tim2.c
+@@ -60,8 +60,7 @@
+ #include "MagickCore/static.h"
+ #include "MagickCore/string_.h"
+ #include "MagickCore/module.h"
+-
+-
+
+ /*
+  Typedef declarations
+ */
+@@ -123,8 +122,7 @@ typedef enum
+   RGB24=1,
+   RGBA16=2,
+ } TIM2ColorEncoding;
+-
+-
+
+ /*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ %                                                                             %
+@@ -142,7 +140,8 @@ typedef enum
+ %
+ %  The format of the ReadTIM2Image method is:
+ %
+-%      Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception)
+%      Image *ReadTIM2Image(const ImageInfo *image_info,
+%        ExceptionInfo *exception)
+ %
+ %  A description of each parameter follows:
+ %
+@@ -600,13 +599,13 @@ static MagickBooleanType ReadTIM2ImageData(const ImageInfo *image_info,
+           image_info->filename);
+         break;
+     }
+-    if (csm==CSM1)
+    if (csm == CSM1)
+       {
+         PixelInfo
+           *oldColormap;
+ 
+-        oldColormap=(PixelInfo *) AcquireQuantumMemory((size_t)(image->colors)+1,
+-          sizeof(*image->colormap));
+        oldColormap=(PixelInfo *) AcquireQuantumMemory((size_t)(image->colors)+
+          1,sizeof(*image->colormap));
+         if (oldColormap == (PixelInfo *) NULL)
+           ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed",
+             image_info->filename);
+@@ -617,7 +616,8 @@ static MagickBooleanType ReadTIM2ImageData(const ImageInfo *image_info,
+   return(status);
+ }
+ 
+-static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception)
+static Image *ReadTIM2Image(const ImageInfo *image_info,
+  ExceptionInfo *exception)
+ {
+   Image
+     *image;
+@@ -626,6 +626,7 @@ static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception
+     status;
+ 
+   ssize_t
+    i,
+     str_read;
+ 
+   TIM2FileHeader
+@@ -685,7 +686,7 @@ static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception
+    */
+   if (file_header.image_count != 1)
+     ThrowReaderException(CoderError,"NumberOfImagesIsNotSupported");
+-  for (int i=0; i < file_header.image_count; ++i)
+  for (i=0; i < (ssize_t) file_header.image_count; i++)
+   {
+     char
+       clut_depth,
+@@ -780,8 +781,7 @@ static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception
+         break;
+       }
+     image=SyncNextImageInList(image);
+-    status=SetImageProgress(image,LoadImagesTag,image->scene-1,
+-      image->scene);
+    status=SetImageProgress(image,LoadImagesTag,image->scene-1,image->scene);
+     if (status == MagickFalse)
+       break;
+   }
+@@ -790,8 +790,7 @@ static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception
+     return(DestroyImageList(image));
+   return(GetFirstImageInList(image));
+ }
+-
+-
+
+ /*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ %                                                                             %
+@@ -825,8 +824,7 @@ ModuleExport size_t RegisterTIM2Image(void)
+   (void) RegisterMagickInfo(entry);
+   return(MagickImageCoderSignature);
+ }
+-
+-
+
+ /*
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ %                                                                             %
diff --git a/meta-oe/recipes-support/imagemagick/files/fix-cipher-leak.patch b/meta-oe/recipes-support/imagemagick/files/fix-cipher-leak.patch
new file mode 100644
index 0000000000..a8985757f2
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/files/fix-cipher-leak.patch
@@ -0,0 +1,178 @@
+From 70aa86f5d5d8aa605a918ed51f7574f433a18482 Mon Sep 17 00:00:00 2001
+From: Cristy <mikayla-grace@urban-warrior.org>
+Date: Thu, 25 Feb 2021 17:05:14 -0500
+Subject: [PATCH] possible divide by zero + clear buffers
+---
+ MagickCore/cipher.c     | 12 ++++++------
+ MagickCore/colorspace.c | 16 ++++++++--------
+ MagickCore/memory.c     | 22 ++++++++++++++++------
+ MagickCore/signature.c  |  2 +-
+ coders/thumbnail.c      |  3 ++-
+ 5 files changed, 41 insertions(+), 25 deletions(-)
+CVE: CVE-2021-20311
+CVE: CVE-2021-20312
+CVE: CVE-2021-20313
+Upstream-Status: Backport[https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482.patch]
+Comment: Refreshed patch based on the codebase
+Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
+diff --git a/MagickCore/cipher.c b/MagickCore/cipher.c
+index 057b11c4720..91ad1d1d662 100644
+--- a/MagickCore/cipher.c
+++ b/MagickCore/cipher.c
+@@ -484,8 +484,8 @@ static void EncipherAESBlock(AESInfo *ae
+     Reset registers.
+   */
+   alpha=0;
+-  (void) memset(key,0,sizeof(key));
+-  (void) memset(text,0,sizeof(text));
+  (void) ResetMagickMemory(key,0,sizeof(key));
+  (void) ResetMagickMemory(text,0,sizeof(text));  
+ }
+ 
+ /*
+@@ -708,8 +708,8 @@ MagickExport MagickBooleanType PasskeyDe
+   */
+   quantum_info=DestroyQuantumInfo(quantum_info);
+   aes_info=DestroyAESInfo(aes_info);
+-  (void) memset(input_block,0,sizeof(input_block));
+-  (void) memset(output_block,0,sizeof(output_block));
+  (void) ResetMagickMemory(input_block,0,sizeof(input_block));
+  (void) ResetMagickMemory(output_block,0,sizeof(output_block));  
+   return(y == (ssize_t) image->rows ? MagickTrue : MagickFalse);
+ }
+ 
+@@ -925,8 +925,8 @@ MagickExport MagickBooleanType PasskeyEn
+   */
+   quantum_info=DestroyQuantumInfo(quantum_info);
+   aes_info=DestroyAESInfo(aes_info);
+-  (void) memset(input_block,0,sizeof(input_block));
+-  (void) memset(output_block,0,sizeof(output_block));
+  (void) ResetMagickMemory(input_block,0,sizeof(input_block));
+  (void) ResetMagickMemory(output_block,0,sizeof(output_block));
+   return(y == (ssize_t) image->rows ? MagickTrue : MagickFalse);
+ }
+ 
+diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c
+index 2ffc72f88fa..e3b7df339f6 100644
+--- a/MagickCore/colorspace.c
+++ b/MagickCore/colorspace.c
+@@ -940,15 +940,15 @@ static MagickBooleanType sRGBTransformImage(Image *image,
+       if (logmap == (Quantum *) NULL)
+         ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed",
+           image->filename);
+-      black=pow(10.0,(reference_black-reference_white)*(gamma/density)*0.002/
+-        film_gamma);
+      black=pow(10.0,(reference_black-reference_white)*(gamma/density)*0.002*
+        PerceptibleReciprocal(film_gamma));
+ #if defined(MAGICKCORE_OPENMP_SUPPORT)
+       #pragma omp parallel for schedule(static)
+ #endif
+       for (i=0; i <= (ssize_t) MaxMap; i++)
+         logmap[i]=ScaleMapToQuantum((double) (MaxMap*(reference_white+
+-          log10(black+(1.0*i/MaxMap)*(1.0-black))/((gamma/density)*0.002/
+-          film_gamma))/1024.0));
+          log10(black+(1.0*i/MaxMap)*(1.0-black))/((gamma/density)*0.002*
+          PerceptibleReciprocal(film_gamma)))/1024.0));
+       image_view=AcquireAuthenticCacheView(image,exception);
+ #if defined(MAGICKCORE_OPENMP_SUPPORT)
+       #pragma omp parallel for schedule(static) shared(status) \
+@@ -2502,14 +2502,14 @@ static MagickBooleanType TransformsRGBImage(Image *image,
+       if (logmap == (Quantum *) NULL)
+         ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed",
+           image->filename);
+-      black=pow(10.0,(reference_black-reference_white)*(gamma/density)*0.002/
+-        film_gamma);
+      black=pow(10.0,(reference_black-reference_white)*(gamma/density)*0.002*
+        PerceptibleReciprocal(film_gamma));
+       for (i=0; i <= (ssize_t) (reference_black*MaxMap/1024.0); i++)
+         logmap[i]=(Quantum) 0;
+       for ( ; i < (ssize_t) (reference_white*MaxMap/1024.0); i++)
+         logmap[i]=ClampToQuantum(QuantumRange/(1.0-black)*
+-          (pow(10.0,(1024.0*i/MaxMap-reference_white)*(gamma/density)*0.002/
+-          film_gamma)-black));
+          (pow(10.0,(1024.0*i/MaxMap-reference_white)*(gamma/density)*0.002*
+          PerceptibleReciprocal(film_gamma))-black));
+       for ( ; i <= (ssize_t) MaxMap; i++)
+         logmap[i]=QuantumRange;
+       if (image->storage_class == PseudoClass)
+diff --git a/MagickCore/memory.c b/MagickCore/memory.c
+index 2598044486a..01bc80d86c5 100644
+--- a/MagickCore/memory.c
+++ b/MagickCore/memory.c
+@@ -1269,26 +1269,36 @@ MagickExport MemoryInfo *RelinquishVirtualMemory(MemoryInfo *memory_info)
+ %                                                                             %
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ %
+-%  ResetMagickMemory() fills the first size bytes of the memory area pointed to
+-%  by memory with the constant byte c.
+%  ResetMagickMemory() fills the first size bytes of the memory area pointed to %  by memory with the constant byte c.  We use a volatile pointer when
+%  updating the byte string.  Most compilers will avoid optimizing away access
+%  to a volatile pointer, even if the pointer appears to be unused after the
+%  call.
+ %
+ %  The format of the ResetMagickMemory method is:
+ %
+-%      void *ResetMagickMemory(void *memory,int byte,const size_t size)
+%      void *ResetMagickMemory(void *memory,int c,const size_t size)
+ %
+ %  A description of each parameter follows:
+ %
+ %    o memory: a pointer to a memory allocation.
+ %
+-%    o byte: set the memory to this value.
+%    o c: set the memory to this value.
+ %
+ %    o size: size of the memory to reset.
+ %
+ */
+-MagickExport void *ResetMagickMemory(void *memory,int byte,const size_t size)
+MagickExport void *ResetMagickMemory(void *memory,int c,const size_t size)
+ {
+  volatile unsigned char
+    *p = memory;
+
+  size_t
+    n = size;
+
+   assert(memory != (void *) NULL);
+-  return(memset(memory,byte,size));
+  while (n-- != 0)
+       *p++=(unsigned char) c;
+  return(memory);
+ }
+ 
+ /*
+diff --git a/MagickCore/signature.c b/MagickCore/signature.c
+index 2d9b0801523..1f79c91b11b 100644
+--- a/MagickCore/signature.c
+++ b/MagickCore/signature.c
+@@ -736,7 +736,7 @@ RestoreMSCWarning
+   T=0;
+   T1=0;
+   T2=0;
+-  (void) memset(W,0,sizeof(W));
+  (void) ResetMagickMemory(W,0,sizeof(W));
+ }
+ 
+ /*
+diff --git a/coders/thumbnail.c b/coders/thumbnail.c
+index 59d97380d9e..e92dd312011 100644
+--- a/coders/thumbnail.c
+++ b/coders/thumbnail.c
+@@ -199,7 +199,8 @@ static MagickBooleanType WriteTHUMBNAILImage(const ImageInfo *image_info,
+       break;
+     q++;
+   }
+-  if ((q+length) > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)))
+  if ((q > (GetStringInfoDatum(profile)+GetStringInfoLength(profile))) ||
+      (length > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)-q)))
+     ThrowWriterException(CoderError,"ImageDoesNotHaveAThumbnail");
+   thumbnail_image=BlobToImage(image_info,q,length,exception);
+   if (thumbnail_image == (Image *) NULL)
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
index b8167f5a72..6108dece27 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
@@ -11,11 +11,28 @@ DEPENDS = "lcms bzip2 jpeg libpng tiff zlib fftw freetype libtool"
 BASE_PV := "${PV}"
 PV .= "-62"
-SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https"
+SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https \
+    file://CVE-2021-20309.patch \
+    file://CVE-2021-20310.patch \
+    file://CVE-2021-3610.patch \
+    file://CVE-2022-0284.patch \
+    file://fix-cipher-leak.patch \
+    file://CVE-2022-2719.patch \
+"
 SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"
 S = "${WORKDIR}/git"
+# current version is not affected by the CVE which affects versions at least earlier than 6.9.4-0
+CVE_CHECK_IGNORE += "CVE-2014-9826"
+# current version is not affected by the CVE which affects versions at least earlier than 6.9.4-0
+CVE_CHECK_IGNORE += "CVE-2016-7538"
+# current version is not affected by the CVE which affects versions at least earlier than 7.0.4-4
+CVE_CHECK_IGNORE += "CVE-2017-5506"
 inherit autotools pkgconfig update-alternatives
 # xml disabled because it's using xml2-config --prefix to determine prefix which returns just /usr with our libxml2
author	Sana Kazi <sanakazi720@gmail.com>	2025-05-12 14:02:11 +0530
committer	Armin Kuster <akuster808@gmail.com>	2025-07-02 20:29:29 -0400
commit	9063cb0d9f781cbe226a5ef5853005a733595978 (patch)
tree	5cd2620bc06f744586e873856fad1e4e11a5050d /meta-oe
parent	de4550a2b7a64ee70698b708e95a15eb47eff1a3 (diff)
download	meta-openembedded-9063cb0d9f781cbe226a5ef5853005a733595978.tar.gz

diff --git a/meta-oe/recipes-support/imagemagick/files/CVE-2021-20309.patch b/meta-oe/recipes-support/imagemagick/files/CVE-2021-20309.patch new file mode 100644 index 0000000000..c5e9b71454 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/CVE-2021-20309.patch
@@ -0,0 +1,25 @@
		1	From 94174beff065cb5683d09d79e992c3ebbdead311 Mon Sep 17 00:00:00 2001
		2	From: Cristy <mikayla-grace@urban-warrior.org>
		3	Date: Thu, 25 Feb 2021 19:34:39 -0500
		4	Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/3296
		5
		6	CVE: CVE-2021-20309
		7	Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311.patch]
		8	Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
		9	---
		10	MagickCore/visual-effects.c \| 2 +-
		11	1 file changed, 1 insertion(+), 1 deletion(-)
		12
		13	diff --git a/MagickCore/visual-effects.c b/MagickCore/visual-effects.c
		14	index 789660231b9..60a227951f9 100644
		15	--- a/MagickCore/visual-effects.c
		16	+++ b/MagickCore/visual-effects.c
		17	@@ -3360,7 +3360,7 @@ MagickExport Image WaveImage(const Image image,const double amplitude,
		18	}
		19	for (i=0; i < (ssize_t) wave_image->columns; i++)
		20	sine_map[i]=(float) fabs(amplitude)+amplitude*sin((double)
		21	- ((2.0MagickPIi)/wave_length));
		22	+ ((2.0MagickPIi)*PerceptibleReciprocal(wave_length)));
		23	/*
		24	Wave image.
		25	*/


diff --git a/meta-oe/recipes-support/imagemagick/files/CVE-2021-20310.patch b/meta-oe/recipes-support/imagemagick/files/CVE-2021-20310.patch new file mode 100644 index 0000000000..f6ac425886 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/CVE-2021-20310.patch
@@ -0,0 +1,31 @@
		1	From 75f6f5032690077cae3eaeda3c0165cc765eaeb5 Mon Sep 17 00:00:00 2001
		2	From: Cristy <mikayla-grace@urban-warrior.org>
		3	Date: Thu, 25 Feb 2021 19:31:37 -0500
		4	Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/3295
		5
		6	CVE: CVE-2021-20310
		7	Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/75f6f5032690077cae3eaeda3c0165cc765eaeb5.patch]
		8	Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
		9	---
		10	MagickCore/colorspace.c \| 6 +++---
		11	1 file changed, 3 insertions(+), 3 deletions(-)
		12
		13	diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c
		14	index e3b7df339f6..9c5ea11e300 100644
		15	--- a/MagickCore/colorspace.c
		16	+++ b/MagickCore/colorspace.c
		17	@@ -329,11 +329,11 @@ static void inline ConvertXYZToJzazbz(const double X,const double Y,
		18	L=0.41478972Xp+0.579999Yp+0.0146480*Zp;
		19	M=(-0.2015100)Xp+1.120649Yp+0.0531008*Zp;
		20	S=(-0.0166008)Xp+0.264800Yp+0.6684799*Zp;
		21	- gamma=pow(L/white_luminance,Jzazbz_n);
		22	+ gamma=pow(L*PerceptibleReciprocal(white_luminance),Jzazbz_n);
		23	Lp=pow((Jzazbz_c1+Jzazbz_c2gamma)/(1.0+Jzazbz_c3gamma),Jzazbz_p);
		24	- gamma=pow(M/white_luminance,Jzazbz_n);
		25	+ gamma=pow(M*PerceptibleReciprocal(white_luminance),Jzazbz_n);
		26	Mp=pow((Jzazbz_c1+Jzazbz_c2gamma)/(1.0+Jzazbz_c3gamma),Jzazbz_p);
		27	- gamma=pow(S/white_luminance,Jzazbz_n);
		28	+ gamma=pow(S*PerceptibleReciprocal(white_luminance),Jzazbz_n);
		29	Sp=pow((Jzazbz_c1+Jzazbz_c2gamma)/(1.0+Jzazbz_c3gamma),Jzazbz_p);
		30	Iz=0.5Lp+0.5Mp;
		31	az=3.52400Lp-4.066708Mp+0.542708Sp+0.5;


diff --git a/meta-oe/recipes-support/imagemagick/files/CVE-2021-3610.patch b/meta-oe/recipes-support/imagemagick/files/CVE-2021-3610.patch new file mode 100644 index 0000000000..ab42d506db --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/CVE-2021-3610.patch
@@ -0,0 +1,26 @@
		1	From 930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3 Mon Sep 17 00:00:00 2001
		2	From: Cristy <mikayla-grace@urban-warrior.org>
		3	Date: Thu, 27 May 2021 10:30:17 -0400
		4	Subject: [PATCH] eliminate heap buffer overflow vulnerability, thanks to
		5	ZhangJiaxing (@r0fm1a) from Codesafe Team of Legendsec at Qi'anxin Group
		6
		7	CVE: CVE-2021-3610
		8	Upstream-Status: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3.patch]
		9	Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
		10	---
		11	coders/tiff.c \| 2 +-
		12	1 file changed, 1 insertion(+), 1 deletion(-)
		13
		14	diff --git a/coders/tiff.c b/coders/tiff.c
		15	index 277b9788be5..b88ce368ba5 100644
		16	--- a/coders/tiff.c
		17	+++ b/coders/tiff.c
		18	@@ -1894,7 +1894,7 @@ static Image ReadTIFFImage(const ImageInfo image_info,
		19	/*
		20	Convert stripped TIFF image.
		21	*/
		22	- extent=2*TIFFStripSize(tiff);
		23	+ extent=4*TIFFStripSize(tiff);
		24	#if defined(TIFF_VERSION_BIG)
		25	extent+=image->columns*sizeof(uint64);
		26	#else


diff --git a/meta-oe/recipes-support/imagemagick/files/CVE-2022-0284.patch b/meta-oe/recipes-support/imagemagick/files/CVE-2022-0284.patch new file mode 100644 index 0000000000..2d1c0d7c8e --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/CVE-2022-0284.patch
@@ -0,0 +1,34 @@
		1	From e50f19fd73c792ebe912df8ab83aa51a243a3da7 Mon Sep 17 00:00:00 2001
		2	From: Cristy <urban-warrior@imagemagick.org>
		3	Date: Wed, 19 Jan 2022 16:26:12 -0500
		4	Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/4729
		5
		6	CVE: CVE-2022-0284
		7	Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/e50f19fd73c792ebe912df8ab83aa51a243a3da7.patch]
		8	Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
		9	---
		10	coders/xpm.c \| 4 ++--
		11	1 file changed, 2 insertions(+), 2 deletions(-)
		12
		13	diff --git a/coders/xpm.c b/coders/xpm.c
		14	index 782ed732544..5f73df8bca4 100644
		15	--- a/coders/xpm.c
		16	+++ b/coders/xpm.c
		17	@@ -773,7 +773,7 @@ static MagickBooleanType WritePICONImage(const ImageInfo *image_info,
		18	break;
		19	for (x=0; x < (ssize_t) picon->columns; x++)
		20	{
		21	- if (GetPixelAlpha(image,q) == (Quantum) TransparentAlpha)
		22	+ if (GetPixelAlpha(picon,q) == (Quantum) TransparentAlpha)
		23	transparent=MagickTrue;
		24	else
		25	SetPixelAlpha(picon,OpaqueAlpha,q);
		26	@@ -804,7 +804,7 @@ static MagickBooleanType WritePICONImage(const ImageInfo *image_info,
		27	break;
		28	for (x=0; x < (ssize_t) picon->columns; x++)
		29	{
		30	- if (GetPixelAlpha(image,q) == (Quantum) TransparentAlpha)
		31	+ if (GetPixelAlpha(picon,q) == (Quantum) TransparentAlpha)
		32	SetPixelIndex(picon,(Quantum) picon->colors,q);
		33	q+=GetPixelChannels(picon);
		34	}


diff --git a/meta-oe/recipes-support/imagemagick/files/CVE-2022-2719.patch b/meta-oe/recipes-support/imagemagick/files/CVE-2022-2719.patch new file mode 100644 index 0000000000..c17eba9afa --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/CVE-2022-2719.patch
@@ -0,0 +1,136 @@
		1	From 716496e6df0add89e9679d6da9c0afca814cfe49 Mon Sep 17 00:00:00 2001
		2	From: Cristy <urban-warrior@imagemagick.org>
		3	Date: Sun, 3 Apr 2022 14:35:29 -0400
		4	Subject: [PATCH] do not attempt to write a null image list (thanks to Vinay
		5	Rohila)
		6
		7	CVE: CVE-2022-2719
		8	Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/716496e6df0add89e9679d6da9c0afca814cfe49.patch]
		9	Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
		10	---
		11	MagickWand/operation.c \| 3 ++-
		12	coders/tim2.c \| 30 ++++++++++++++----------------
		13	2 files changed, 16 insertions(+), 17 deletions(-)
		14
		15	diff --git a/MagickWand/operation.c b/MagickWand/operation.c
		16	index 383dc7c8098..95596035367 100644
		17	--- a/MagickWand/operation.c
		18	+++ b/MagickWand/operation.c
		19	@@ -4893,7 +4893,8 @@ WandPrivate void CLINoImageOperator(Magi
		20	if (IfPlusOp)
		21	write_images=CloneImageList(_images,_exception);
		22	write_info=CloneImageInfo(_image_info);
		23	- (void) WriteImages(write_info,write_images,arg1,_exception);
		24	+ if (write_images != (Image *) NULL)
		25	+ (void) WriteImages(write_info,write_images,arg1,_exception);
		26	write_info=DestroyImageInfo(write_info);
		27	if (IfPlusOp)
		28	write_images=DestroyImageList(write_images);
		29	diff --git a/coders/tim2.c b/coders/tim2.c
		30	index e55170d8205..110542e45ba 100644
		31	--- a/coders/tim2.c
		32	+++ b/coders/tim2.c
		33	@@ -60,8 +60,7 @@
		34	#include "MagickCore/static.h"
		35	#include "MagickCore/string_.h"
		36	#include "MagickCore/module.h"
		37	-
		38	-
		39	+
		40	/*
		41	Typedef declarations
		42	*/
		43	@@ -123,8 +122,7 @@ typedef enum
		44	RGB24=1,
		45	RGBA16=2,
		46	} TIM2ColorEncoding;
		47	-
		48	-
		49	+
		50	/*
		51	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
		52	% %
		53	@@ -142,7 +140,8 @@ typedef enum
		54	%
		55	% The format of the ReadTIM2Image method is:
		56	%
		57	-% Image ReadTIM2Image(const ImageInfo image_info,ExceptionInfo *exception)
		58	+% Image ReadTIM2Image(const ImageInfo image_info,
		59	+% ExceptionInfo *exception)
		60	%
		61	% A description of each parameter follows:
		62	%
		63	@@ -600,13 +599,13 @@ static MagickBooleanType ReadTIM2ImageData(const ImageInfo *image_info,
		64	image_info->filename);
		65	break;
		66	}
		67	- if (csm==CSM1)
		68	+ if (csm == CSM1)
		69	{
		70	PixelInfo
		71	*oldColormap;
		72
		73	- oldColormap=(PixelInfo *) AcquireQuantumMemory((size_t)(image->colors)+1,
		74	- sizeof(*image->colormap));
		75	+ oldColormap=(PixelInfo *) AcquireQuantumMemory((size_t)(image->colors)+
		76	+ 1,sizeof(*image->colormap));
		77	if (oldColormap == (PixelInfo *) NULL)
		78	ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed",
		79	image_info->filename);
		80	@@ -617,7 +616,8 @@ static MagickBooleanType ReadTIM2ImageData(const ImageInfo *image_info,
		81	return(status);
		82	}
		83
		84	-static Image ReadTIM2Image(const ImageInfo image_info,ExceptionInfo *exception)
		85	+static Image ReadTIM2Image(const ImageInfo image_info,
		86	+ ExceptionInfo *exception)
		87	{
		88	Image
		89	*image;
		90	@@ -626,6 +626,7 @@ static Image ReadTIM2Image(const ImageInfo image_info,ExceptionInfo *exception
		91	status;
		92
		93	ssize_t
		94	+ i,
		95	str_read;
		96
		97	TIM2FileHeader
		98	@@ -685,7 +686,7 @@ static Image ReadTIM2Image(const ImageInfo image_info,ExceptionInfo *exception
		99	*/
		100	if (file_header.image_count != 1)
		101	ThrowReaderException(CoderError,"NumberOfImagesIsNotSupported");
		102	- for (int i=0; i < file_header.image_count; ++i)
		103	+ for (i=0; i < (ssize_t) file_header.image_count; i++)
		104	{
		105	char
		106	clut_depth,
		107	@@ -780,8 +781,7 @@ static Image ReadTIM2Image(const ImageInfo image_info,ExceptionInfo *exception
		108	break;
		109	}
		110	image=SyncNextImageInList(image);
		111	- status=SetImageProgress(image,LoadImagesTag,image->scene-1,
		112	- image->scene);
		113	+ status=SetImageProgress(image,LoadImagesTag,image->scene-1,image->scene);
		114	if (status == MagickFalse)
		115	break;
		116	}
		117	@@ -790,8 +790,7 @@ static Image ReadTIM2Image(const ImageInfo image_info,ExceptionInfo *exception
		118	return(DestroyImageList(image));
		119	return(GetFirstImageInList(image));
		120	}
		121	-
		122	-
		123	+
		124	/*
		125	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
		126	% %
		127	@@ -825,8 +824,7 @@ ModuleExport size_t RegisterTIM2Image(void)
		128	(void) RegisterMagickInfo(entry);
		129	return(MagickImageCoderSignature);
		130	}
		131	-
		132	-
		133	+
		134	/*
		135	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
		136	% %


diff --git a/meta-oe/recipes-support/imagemagick/files/fix-cipher-leak.patch b/meta-oe/recipes-support/imagemagick/files/fix-cipher-leak.patch new file mode 100644 index 0000000000..a8985757f2 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/fix-cipher-leak.patch
@@ -0,0 +1,178 @@
		1	From 70aa86f5d5d8aa605a918ed51f7574f433a18482 Mon Sep 17 00:00:00 2001
		2	From: Cristy <mikayla-grace@urban-warrior.org>
		3	Date: Thu, 25 Feb 2021 17:05:14 -0500
		4	Subject: [PATCH] possible divide by zero + clear buffers
		5
		6	---
		7	MagickCore/cipher.c \| 12 ++++++------
		8	MagickCore/colorspace.c \| 16 ++++++++--------
		9	MagickCore/memory.c \| 22 ++++++++++++++++------
		10	MagickCore/signature.c \| 2 +-
		11	coders/thumbnail.c \| 3 ++-
		12	5 files changed, 41 insertions(+), 25 deletions(-)
		13
		14	CVE: CVE-2021-20311
		15	CVE: CVE-2021-20312
		16	CVE: CVE-2021-20313
		17
		18	Upstream-Status: Backport[https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482.patch]
		19	Comment: Refreshed patch based on the codebase
		20
		21	Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
		22	diff --git a/MagickCore/cipher.c b/MagickCore/cipher.c
		23	index 057b11c4720..91ad1d1d662 100644
		24	--- a/MagickCore/cipher.c
		25	+++ b/MagickCore/cipher.c
		26	@@ -484,8 +484,8 @@ static void EncipherAESBlock(AESInfo *ae
		27	Reset registers.
		28	*/
		29	alpha=0;
		30	- (void) memset(key,0,sizeof(key));
		31	- (void) memset(text,0,sizeof(text));
		32	+ (void) ResetMagickMemory(key,0,sizeof(key));
		33	+ (void) ResetMagickMemory(text,0,sizeof(text));
		34	}
		35
		36
		37	/*
		38	@@ -708,8 +708,8 @@ MagickExport MagickBooleanType PasskeyDe
		39	*/
		40	quantum_info=DestroyQuantumInfo(quantum_info);
		41	aes_info=DestroyAESInfo(aes_info);
		42	- (void) memset(input_block,0,sizeof(input_block));
		43	- (void) memset(output_block,0,sizeof(output_block));
		44	+ (void) ResetMagickMemory(input_block,0,sizeof(input_block));
		45	+ (void) ResetMagickMemory(output_block,0,sizeof(output_block));
		46	return(y == (ssize_t) image->rows ? MagickTrue : MagickFalse);
		47	}
		48
		49
		50	@@ -925,8 +925,8 @@ MagickExport MagickBooleanType PasskeyEn
		51	*/
		52	quantum_info=DestroyQuantumInfo(quantum_info);
		53	aes_info=DestroyAESInfo(aes_info);
		54	- (void) memset(input_block,0,sizeof(input_block));
		55	- (void) memset(output_block,0,sizeof(output_block));
		56	+ (void) ResetMagickMemory(input_block,0,sizeof(input_block));
		57	+ (void) ResetMagickMemory(output_block,0,sizeof(output_block));
		58	return(y == (ssize_t) image->rows ? MagickTrue : MagickFalse);
		59	}
		60
		61
		62	diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c
		63	index 2ffc72f88fa..e3b7df339f6 100644
		64	--- a/MagickCore/colorspace.c
		65	+++ b/MagickCore/colorspace.c
		66	@@ -940,15 +940,15 @@ static MagickBooleanType sRGBTransformImage(Image *image,
		67	if (logmap == (Quantum *) NULL)
		68	ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed",
		69	image->filename);
		70	- black=pow(10.0,(reference_black-reference_white)(gamma/density)0.002/
		71	- film_gamma);
		72	+ black=pow(10.0,(reference_black-reference_white)(gamma/density)0.002*
		73	+ PerceptibleReciprocal(film_gamma));
		74	#if defined(MAGICKCORE_OPENMP_SUPPORT)
		75	#pragma omp parallel for schedule(static)
		76	#endif
		77	for (i=0; i <= (ssize_t) MaxMap; i++)
		78	logmap[i]=ScaleMapToQuantum((double) (MaxMap*(reference_white+
		79	- log10(black+(1.0i/MaxMap)(1.0-black))/((gamma/density)*0.002/
		80	- film_gamma))/1024.0));
		81	+ log10(black+(1.0i/MaxMap)(1.0-black))/((gamma/density)0.002
		82	+ PerceptibleReciprocal(film_gamma)))/1024.0));
		83	image_view=AcquireAuthenticCacheView(image,exception);
		84	#if defined(MAGICKCORE_OPENMP_SUPPORT)
		85	#pragma omp parallel for schedule(static) shared(status) \
		86	@@ -2502,14 +2502,14 @@ static MagickBooleanType TransformsRGBImage(Image *image,
		87	if (logmap == (Quantum *) NULL)
		88	ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed",
		89	image->filename);
		90	- black=pow(10.0,(reference_black-reference_white)(gamma/density)0.002/
		91	- film_gamma);
		92	+ black=pow(10.0,(reference_black-reference_white)(gamma/density)0.002*
		93	+ PerceptibleReciprocal(film_gamma));
		94	for (i=0; i <= (ssize_t) (reference_black*MaxMap/1024.0); i++)
		95	logmap[i]=(Quantum) 0;
		96	for ( ; i < (ssize_t) (reference_white*MaxMap/1024.0); i++)
		97	logmap[i]=ClampToQuantum(QuantumRange/(1.0-black)*
		98	- (pow(10.0,(1024.0i/MaxMap-reference_white)(gamma/density)*0.002/
		99	- film_gamma)-black));
		100	+ (pow(10.0,(1024.0i/MaxMap-reference_white)(gamma/density)0.002
		101	+ PerceptibleReciprocal(film_gamma))-black));
		102	for ( ; i <= (ssize_t) MaxMap; i++)
		103	logmap[i]=QuantumRange;
		104	if (image->storage_class == PseudoClass)
		105	diff --git a/MagickCore/memory.c b/MagickCore/memory.c
		106	index 2598044486a..01bc80d86c5 100644
		107	--- a/MagickCore/memory.c
		108	+++ b/MagickCore/memory.c
		109	@@ -1269,26 +1269,36 @@ MagickExport MemoryInfo RelinquishVirtualMemory(MemoryInfo memory_info)
		110	% %
		111	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
		112	%
		113	-% ResetMagickMemory() fills the first size bytes of the memory area pointed to
		114	-% by memory with the constant byte c.
		115	+% ResetMagickMemory() fills the first size bytes of the memory area pointed to % by memory with the constant byte c. We use a volatile pointer when
		116	+% updating the byte string. Most compilers will avoid optimizing away access
		117	+% to a volatile pointer, even if the pointer appears to be unused after the
		118	+% call.
		119	%
		120	% The format of the ResetMagickMemory method is:
		121	%
		122	-% void ResetMagickMemory(void memory,int byte,const size_t size)
		123	+% void ResetMagickMemory(void memory,int c,const size_t size)
		124	%
		125	% A description of each parameter follows:
		126	%
		127	% o memory: a pointer to a memory allocation.
		128	%
		129	-% o byte: set the memory to this value.
		130	+% o c: set the memory to this value.
		131	%
		132	% o size: size of the memory to reset.
		133	%
		134	*/
		135	-MagickExport void ResetMagickMemory(void memory,int byte,const size_t size)
		136	+MagickExport void ResetMagickMemory(void memory,int c,const size_t size)
		137	{
		138	+ volatile unsigned char
		139	+ *p = memory;
		140	+
		141	+ size_t
		142	+ n = size;
		143	+
		144	assert(memory != (void *) NULL);
		145	- return(memset(memory,byte,size));
		146	+ while (n-- != 0)
		147	+ *p++=(unsigned char) c;
		148	+ return(memory);
		149	}
		150
		151	/*
		152	diff --git a/MagickCore/signature.c b/MagickCore/signature.c
		153	index 2d9b0801523..1f79c91b11b 100644
		154	--- a/MagickCore/signature.c
		155	+++ b/MagickCore/signature.c
		156	@@ -736,7 +736,7 @@ RestoreMSCWarning
		157	T=0;
		158	T1=0;
		159	T2=0;
		160	- (void) memset(W,0,sizeof(W));
		161	+ (void) ResetMagickMemory(W,0,sizeof(W));
		162	}
		163
		164	/*
		165	diff --git a/coders/thumbnail.c b/coders/thumbnail.c
		166	index 59d97380d9e..e92dd312011 100644
		167	--- a/coders/thumbnail.c
		168	+++ b/coders/thumbnail.c
		169	@@ -199,7 +199,8 @@ static MagickBooleanType WriteTHUMBNAILImage(const ImageInfo *image_info,
		170	break;
		171	q++;
		172	}
		173	- if ((q+length) > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)))
		174	+ if ((q > (GetStringInfoDatum(profile)+GetStringInfoLength(profile))) \|\|
		175	+ (length > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)-q)))
		176	ThrowWriterException(CoderError,"ImageDoesNotHaveAThumbnail");
		177	thumbnail_image=BlobToImage(image_info,q,length,exception);
		178	if (thumbnail_image == (Image *) NULL)


diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index b8167f5a72..6108dece27 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
@@ -11,11 +11,28 @@ DEPENDS = "lcms bzip2 jpeg libpng tiff zlib fftw freetype libtool"
11		11
12	BASE_PV := "${PV}"	12	BASE_PV := "${PV}"
13	PV .= "-62"	13	PV .= "-62"
14	SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https"	14	SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https \
		15	file://CVE-2021-20309.patch \
		16	file://CVE-2021-20310.patch \
		17	file://CVE-2021-3610.patch \
		18	file://CVE-2022-0284.patch \
		19	file://fix-cipher-leak.patch \
		20	file://CVE-2022-2719.patch \
		21	"
		22
15	SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"	23	SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"
16		24
17	S = "${WORKDIR}/git"	25	S = "${WORKDIR}/git"
18		26
		27	# current version is not affected by the CVE which affects versions at least earlier than 6.9.4-0
		28	CVE_CHECK_IGNORE += "CVE-2014-9826"
		29
		30	# current version is not affected by the CVE which affects versions at least earlier than 6.9.4-0
		31	CVE_CHECK_IGNORE += "CVE-2016-7538"
		32
		33	# current version is not affected by the CVE which affects versions at least earlier than 7.0.4-4
		34	CVE_CHECK_IGNORE += "CVE-2017-5506"
		35
19	inherit autotools pkgconfig update-alternatives	36	inherit autotools pkgconfig update-alternatives
20		37
21	# xml disabled because it's using xml2-config --prefix to determine prefix which returns just /usr with our libxml2	38	# xml disabled because it's using xml2-config --prefix to determine prefix which returns just /usr with our libxml2