summaryrefslogtreecommitdiffstats
path: root/meta-oe
diff options
context:
space:
mode:
authorDivyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>2025-12-12 20:29:40 +0530
committerGyorgy Sarvari <skandigraun@gmail.com>2025-12-12 22:06:49 +0100
commitf0ce346514f319146893466132402f861b70698a (patch)
treeb5a05798477e20578c456d26493e2b7d941bbe21 /meta-oe
parent7b1c9fa6fbefda3514fece16d4bddda4f0fa498b (diff)
downloadmeta-openembedded-f0ce346514f319146893466132402f861b70698a.tar.gz
ImageMagick: Fix CVE-2025-55005
Backport the fix for CVE-2025-55005 Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57] Add below patch to fix 0004-ImageMagick-Fix-CVE-2025-55005.patch Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Diffstat (limited to 'meta-oe')
-rw-r--r--meta-oe/recipes-support/imagemagick/files/0004-ImageMagick-Fix-CVE-2025-55005.patch40
-rw-r--r--meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb1
2 files changed, 41 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/imagemagick/files/0004-ImageMagick-Fix-CVE-2025-55005.patch b/meta-oe/recipes-support/imagemagick/files/0004-ImageMagick-Fix-CVE-2025-55005.patch
new file mode 100644
index 0000000000..ed33093022
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/files/0004-ImageMagick-Fix-CVE-2025-55005.patch
@@ -0,0 +1,40 @@
1From d16c2ff3b34a4785f089e956d2adfc5108fd63a8 Mon Sep 17 00:00:00 2001
2From: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>
3Date: Fri, 3 Oct 2025 17:40:59 +0530
4Subject: [PATCH 04/18] ImageMagick: Fix CVE-2025-55005
5
6CVE: CVE-2025-55005
7Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57]
8Reference: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp
9
10Comment: Refreshed hunk to match latest kirkstone
11
12Signed-off-by: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>
13---
14 MagickCore/colorspace.c | 6 ++++++
15 1 file changed, 6 insertions(+)
16
17diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c
18index 2ffc72f88..0aeba03f8 100644
19--- a/MagickCore/colorspace.c
20+++ b/MagickCore/colorspace.c
21@@ -2493,10 +2493,16 @@ static MagickBooleanType TransformsRGBImage(Image *image,
22 value=GetImageProperty(image,"reference-black",exception);
23 if (value != (const char *) NULL)
24 reference_black=StringToDouble(value,(char **) NULL);
25+ if (reference_black > 1024.0)
26+ reference_black=1024.0;
27 reference_white=ReferenceWhite;
28 value=GetImageProperty(image,"reference-white",exception);
29 if (value != (const char *) NULL)
30 reference_white=StringToDouble(value,(char **) NULL);
31+ if (reference_white > 1024.0)
32+ reference_white=1024.0;
33+ if (reference_black > reference_white)
34+ reference_black=reference_white;
35 logmap=(Quantum *) AcquireQuantumMemory((size_t) MaxMap+1UL,
36 sizeof(*logmap));
37 if (logmap == (Quantum *) NULL)
38--
392.34.1
40
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
index 305ecee8c3..2b68c93fff 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
@@ -29,6 +29,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
29 file://0001-ImageMagick-Fix-CVE-2025-53014.patch \ 29 file://0001-ImageMagick-Fix-CVE-2025-53014.patch \
30 file://0002-ImageMagick-Fix-CVE-2025-53101.patch \ 30 file://0002-ImageMagick-Fix-CVE-2025-53101.patch \
31 file://0003-ImageMagick-Fix-CVE-2025-55160.patch \ 31 file://0003-ImageMagick-Fix-CVE-2025-55160.patch \
32 file://0004-ImageMagick-Fix-CVE-2025-55005.patch \
32" 33"
33 34
34SRCREV = "35b4991eb0939a327f3489988c366e21068b0178" 35SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"