summaryrefslogtreecommitdiffstats
path: root/meta-oe
diff options
context:
space:
mode:
authorDivyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>2025-12-12 20:29:41 +0530
committerGyorgy Sarvari <skandigraun@gmail.com>2025-12-12 22:06:50 +0100
commita1c2509aea361672a2a87806a36dd4f867101582 (patch)
tree2b86b33cf1156069904df86ee7828093bcc55d97 /meta-oe
parentf0ce346514f319146893466132402f861b70698a (diff)
downloadmeta-openembedded-a1c2509aea361672a2a87806a36dd4f867101582.tar.gz
ImageMagick: Fix CVE-2025-53019
Backport the fix for CVE-2025-53019 Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c] Add below patch to fix CVE-2025-53019 0005-ImageMagick-Fix-CVE-2025-53019.patch Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Diffstat (limited to 'meta-oe')
-rw-r--r--meta-oe/recipes-support/imagemagick/files/0005-ImageMagick-Fix-CVE-2025-53019.patch33
-rw-r--r--meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb1
2 files changed, 34 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/imagemagick/files/0005-ImageMagick-Fix-CVE-2025-53019.patch b/meta-oe/recipes-support/imagemagick/files/0005-ImageMagick-Fix-CVE-2025-53019.patch
new file mode 100644
index 0000000000..c5bc15386a
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/files/0005-ImageMagick-Fix-CVE-2025-53019.patch
@@ -0,0 +1,33 @@
1From c0367e544456895e77661481b76a55ac30d52420 Mon Sep 17 00:00:00 2001
2From: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>
3Date: Mon, 29 Sep 2025 15:38:57 +0530
4Subject: [PATCH 05/18] ImageMagick: Fix CVE-2025-53019
5
6Fixed memory leak when entering StreamImage multiple times.
7CVE: CVE-2025-53019
8Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c.patch]
9
10Comment: Refreshed hunk to match latest kirkstone
11
12Signed-off-by: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>
13---
14 MagickCore/stream.c | 3 ++-
15 1 file changed, 2 insertions(+), 1 deletion(-)
16
17diff --git a/MagickCore/stream.c b/MagickCore/stream.c
18index 28fa0f25b..bfa29f25e 100644
19--- a/MagickCore/stream.c
20+++ b/MagickCore/stream.c
21@@ -1350,7 +1350,8 @@ MagickExport Image *StreamImage(const ImageInfo *image_info,
22 assert(exception != (ExceptionInfo *) NULL);
23 read_info=CloneImageInfo(image_info);
24 stream_info->image_info=image_info;
25- stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL);
26+ if (stream_info->quantum_info == (QuantumInfo *) NULL)
27+ stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL);
28 if (stream_info->quantum_info == (QuantumInfo *) NULL)
29 {
30 read_info=DestroyImageInfo(read_info);
31--
322.34.1
33
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
index 2b68c93fff..d3d83fc453 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
@@ -30,6 +30,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
30 file://0002-ImageMagick-Fix-CVE-2025-53101.patch \ 30 file://0002-ImageMagick-Fix-CVE-2025-53101.patch \
31 file://0003-ImageMagick-Fix-CVE-2025-55160.patch \ 31 file://0003-ImageMagick-Fix-CVE-2025-55160.patch \
32 file://0004-ImageMagick-Fix-CVE-2025-55005.patch \ 32 file://0004-ImageMagick-Fix-CVE-2025-55005.patch \
33 file://0005-ImageMagick-Fix-CVE-2025-53019.patch \
33" 34"
34 35
35SRCREV = "35b4991eb0939a327f3489988c366e21068b0178" 36SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"