diff options
| -rw-r--r-- | meta-oe/recipes-support/imagemagick/files/0008-ImageMagick-Fix-CVE-2025-57807.patch | 51 | ||||
| -rw-r--r-- | meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb | 1 |
2 files changed, 52 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/imagemagick/files/0008-ImageMagick-Fix-CVE-2025-57807.patch b/meta-oe/recipes-support/imagemagick/files/0008-ImageMagick-Fix-CVE-2025-57807.patch new file mode 100644 index 0000000000..a0aab8afc3 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0008-ImageMagick-Fix-CVE-2025-57807.patch | |||
| @@ -0,0 +1,51 @@ | |||
| 1 | From 3d1a6ecbeff10e05d0609125b6feec9ecace7b85 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in> | ||
| 3 | Date: Fri, 24 Oct 2025 12:37:14 +0530 | ||
| 4 | Subject: [PATCH 08/18] ImageMagick: Fix CVE-2025-57807 | ||
| 5 | |||
| 6 | CVE: CVE-2025-57807 | ||
| 7 | |||
| 8 | Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e] | ||
| 9 | |||
| 10 | Comment: Refreshed hunk to match latest kirkstone | ||
| 11 | |||
| 12 | Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in> | ||
| 13 | --- | ||
| 14 | MagickCore/blob.c | 11 +++++++---- | ||
| 15 | 1 file changed, 7 insertions(+), 4 deletions(-) | ||
| 16 | |||
| 17 | diff --git a/MagickCore/blob.c b/MagickCore/blob.c | ||
| 18 | index 6a15d4808..38af749fe 100644 | ||
| 19 | --- a/MagickCore/blob.c | ||
| 20 | +++ b/MagickCore/blob.c | ||
| 21 | @@ -1598,7 +1598,7 @@ static inline ssize_t WriteBlobStream(Image *image,const size_t length, | ||
| 22 | extent=(MagickSizeType) (blob_info->offset+(MagickOffsetType) length); | ||
| 23 | if (extent >= blob_info->extent) | ||
| 24 | { | ||
| 25 | - extent=blob_info->extent+blob_info->quantum+length; | ||
| 26 | + extent+=blob_info->quantum+length; | ||
| 27 | blob_info->quantum<<=1; | ||
| 28 | if (SetBlobExtent(image,extent) == MagickFalse) | ||
| 29 | return(0); | ||
| 30 | @@ -5774,12 +5774,15 @@ MagickExport ssize_t WriteBlob(Image *image,const size_t length, | ||
| 31 | } | ||
| 32 | case BlobStream: | ||
| 33 | { | ||
| 34 | - if ((blob_info->offset+(MagickOffsetType) length) >= | ||
| 35 | - (MagickOffsetType) blob_info->extent) | ||
| 36 | + MagickSizeType | ||
| 37 | + extent; | ||
| 38 | + | ||
| 39 | + extent=(MagickSizeType) (blob_info->offset+(MagickOffsetType) length); | ||
| 40 | + if (extent >= blob_info->extent) | ||
| 41 | { | ||
| 42 | if (blob_info->mapped != MagickFalse) | ||
| 43 | return(0); | ||
| 44 | - blob_info->extent+=length+blob_info->quantum; | ||
| 45 | + blob_info->extent=extent+blob_info->quantum+length; | ||
| 46 | blob_info->quantum<<=1; | ||
| 47 | blob_info->data=(unsigned char *) ResizeQuantumMemory( | ||
| 48 | blob_info->data,blob_info->extent+1,sizeof(*blob_info->data)); | ||
| 49 | -- | ||
| 50 | 2.34.1 | ||
| 51 | |||
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index 7b06272e2a..34d3d560c8 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb | |||
| @@ -34,6 +34,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt | |||
| 34 | file://0006-ImageMagick-Fix-CVE-2025-55004.patch \ | 34 | file://0006-ImageMagick-Fix-CVE-2025-55004.patch \ |
| 35 | file://0007-ImageMagick-Add-support-patch-to-fix-CVE-2025-57803.patch \ | 35 | file://0007-ImageMagick-Add-support-patch-to-fix-CVE-2025-57803.patch \ |
| 36 | file://0007-ImageMagick-Fix-CVE-2025-57803.patch \ | 36 | file://0007-ImageMagick-Fix-CVE-2025-57803.patch \ |
| 37 | file://0008-ImageMagick-Fix-CVE-2025-57807.patch \ | ||
| 37 | " | 38 | " |
| 38 | 39 | ||
| 39 | SRCREV = "35b4991eb0939a327f3489988c366e21068b0178" | 40 | SRCREV = "35b4991eb0939a327f3489988c366e21068b0178" |