diff options
| author | Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in> | 2025-12-12 20:29:40 +0530 |
|---|---|---|
| committer | Gyorgy Sarvari <skandigraun@gmail.com> | 2025-12-12 22:06:49 +0100 |
| commit | f0ce346514f319146893466132402f861b70698a (patch) | |
| tree | b5a05798477e20578c456d26493e2b7d941bbe21 /meta-oe | |
| parent | 7b1c9fa6fbefda3514fece16d4bddda4f0fa498b (diff) | |
| download | meta-openembedded-f0ce346514f319146893466132402f861b70698a.tar.gz | |
ImageMagick: Fix CVE-2025-55005
Backport the fix for CVE-2025-55005
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57]
Add below patch to fix
0004-ImageMagick-Fix-CVE-2025-55005.patch
Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Diffstat (limited to 'meta-oe')
| -rw-r--r-- | meta-oe/recipes-support/imagemagick/files/0004-ImageMagick-Fix-CVE-2025-55005.patch | 40 | ||||
| -rw-r--r-- | meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb | 1 |
2 files changed, 41 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/imagemagick/files/0004-ImageMagick-Fix-CVE-2025-55005.patch b/meta-oe/recipes-support/imagemagick/files/0004-ImageMagick-Fix-CVE-2025-55005.patch new file mode 100644 index 0000000000..ed33093022 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0004-ImageMagick-Fix-CVE-2025-55005.patch | |||
| @@ -0,0 +1,40 @@ | |||
| 1 | From d16c2ff3b34a4785f089e956d2adfc5108fd63a8 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in> | ||
| 3 | Date: Fri, 3 Oct 2025 17:40:59 +0530 | ||
| 4 | Subject: [PATCH 04/18] ImageMagick: Fix CVE-2025-55005 | ||
| 5 | |||
| 6 | CVE: CVE-2025-55005 | ||
| 7 | Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57] | ||
| 8 | Reference: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp | ||
| 9 | |||
| 10 | Comment: Refreshed hunk to match latest kirkstone | ||
| 11 | |||
| 12 | Signed-off-by: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in> | ||
| 13 | --- | ||
| 14 | MagickCore/colorspace.c | 6 ++++++ | ||
| 15 | 1 file changed, 6 insertions(+) | ||
| 16 | |||
| 17 | diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c | ||
| 18 | index 2ffc72f88..0aeba03f8 100644 | ||
| 19 | --- a/MagickCore/colorspace.c | ||
| 20 | +++ b/MagickCore/colorspace.c | ||
| 21 | @@ -2493,10 +2493,16 @@ static MagickBooleanType TransformsRGBImage(Image *image, | ||
| 22 | value=GetImageProperty(image,"reference-black",exception); | ||
| 23 | if (value != (const char *) NULL) | ||
| 24 | reference_black=StringToDouble(value,(char **) NULL); | ||
| 25 | + if (reference_black > 1024.0) | ||
| 26 | + reference_black=1024.0; | ||
| 27 | reference_white=ReferenceWhite; | ||
| 28 | value=GetImageProperty(image,"reference-white",exception); | ||
| 29 | if (value != (const char *) NULL) | ||
| 30 | reference_white=StringToDouble(value,(char **) NULL); | ||
| 31 | + if (reference_white > 1024.0) | ||
| 32 | + reference_white=1024.0; | ||
| 33 | + if (reference_black > reference_white) | ||
| 34 | + reference_black=reference_white; | ||
| 35 | logmap=(Quantum *) AcquireQuantumMemory((size_t) MaxMap+1UL, | ||
| 36 | sizeof(*logmap)); | ||
| 37 | if (logmap == (Quantum *) NULL) | ||
| 38 | -- | ||
| 39 | 2.34.1 | ||
| 40 | |||
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index 305ecee8c3..2b68c93fff 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb | |||
| @@ -29,6 +29,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt | |||
| 29 | file://0001-ImageMagick-Fix-CVE-2025-53014.patch \ | 29 | file://0001-ImageMagick-Fix-CVE-2025-53014.patch \ |
| 30 | file://0002-ImageMagick-Fix-CVE-2025-53101.patch \ | 30 | file://0002-ImageMagick-Fix-CVE-2025-53101.patch \ |
| 31 | file://0003-ImageMagick-Fix-CVE-2025-55160.patch \ | 31 | file://0003-ImageMagick-Fix-CVE-2025-55160.patch \ |
| 32 | file://0004-ImageMagick-Fix-CVE-2025-55005.patch \ | ||
| 32 | " | 33 | " |
| 33 | 34 | ||
| 34 | SRCREV = "35b4991eb0939a327f3489988c366e21068b0178" | 35 | SRCREV = "35b4991eb0939a327f3489988c366e21068b0178" |
