imagemagick: patch CVE-2025-55160

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55160 Pick the patch that mentions the related github advisory[1] in its commit message. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-06-14 05:49:57 +00:00 · 2026-01-08 11:53:12 +01:00
parent dd13a60248
commit 118df68d25
2 changed files with 160 additions and 0 deletions
@@ -0,0 +1,159 @@
+From fecf9ca80adecb7709446ee226d50ac079a37308 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Sun, 10 Aug 2025 08:28:28 -0400
+Subject: [PATCH] 
+ https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x
+
+CVE: CVE-2025-55160
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/63d8769dd6a8f32f4096c71be9e08a2c081e47da]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ MagickCore/artifact.c | 17 ++++++++++++++++-
+ MagickCore/option.c   | 17 ++++++++++++++++-
+ MagickCore/profile.c  | 19 ++++++++++++++++++-
+ MagickCore/property.c | 18 ++++++++++++++++--
+ 4 files changed, 66 insertions(+), 5 deletions(-)
+
+diff --git a/MagickCore/artifact.c b/MagickCore/artifact.c
+index dae6aaaf0..764ef75a4 100644
+--- a/MagickCore/artifact.c
+++ b/MagickCore/artifact.c
+@@ -99,6 +99,21 @@
+ %    o clone_image: the source image for artifacts to clone.
+ %
+ */
+
+typedef char
+  *(*CloneKeyFunc)(const char *),
+  *(*CloneValueFunc)(const char *);
+
+static inline void *CloneArtifactKey(void *key)
+{
+  return((void *) ((CloneKeyFunc) ConstantString)((const char *) key));
+}
+
+static inline void *CloneArtifactValue(void *value)
+{
+  return((void *) ((CloneValueFunc) ConstantString)((const char *) value));
+}
+
+ MagickExport MagickBooleanType CloneImageArtifacts(Image *image,
+   const Image *clone_image)
+ {
+@@ -117,7 +132,7 @@ MagickExport MagickBooleanType CloneImageArtifacts(Image *image,
+       if (image->artifacts != (void *) NULL)
+         DestroyImageArtifacts(image);
+       image->artifacts=CloneSplayTree((SplayTreeInfo *) clone_image->artifacts,
+-        (void *(*)(void *)) ConstantString,(void *(*)(void *)) ConstantString);
+        CloneArtifactKey,CloneArtifactValue);
+     }
+   return(MagickTrue);
+ }
+diff --git a/MagickCore/option.c b/MagickCore/option.c
+index eee6f943c..31c5fa99a 100644
+--- a/MagickCore/option.c
+++ b/MagickCore/option.c
+@@ -2361,6 +2361,21 @@ static const OptionInfo
+ %    o clone_info: the source image info for options to clone.
+ %
+ */
+
+typedef char
+  *(*CloneKeyFunc)(const char *),
+  *(*CloneValueFunc)(const char *);
+
+static inline void *CloneOptionKey(void *key)
+{
+  return((void *) ((CloneKeyFunc) ConstantString)((const char *) key));
+}
+
+static inline void *CloneOptionValue(void *value)
+{
+  return((void *) ((CloneValueFunc) ConstantString)((const char *) value));
+}
+
+ MagickExport MagickBooleanType CloneImageOptions(ImageInfo *image_info,
+   const ImageInfo *clone_info)
+ {
+@@ -2376,7 +2391,7 @@ MagickExport MagickBooleanType CloneImageOptions(ImageInfo *image_info,
+       if (image_info->options != (void *) NULL)
+         DestroyImageOptions(image_info);
+       image_info->options=CloneSplayTree((SplayTreeInfo *) clone_info->options,
+-        (void *(*)(void *)) ConstantString,(void *(*)(void *)) ConstantString);
+        CloneOptionKey,CloneOptionValue);
+     }
+   return(MagickTrue);
+ }
+diff --git a/MagickCore/profile.c b/MagickCore/profile.c
+index a68e54f14..e131bd6ec 100644
+--- a/MagickCore/profile.c
+++ b/MagickCore/profile.c
+@@ -143,6 +143,23 @@ typedef struct _CMSExceptionInfo
+ %    o clone_image: the clone image.
+ %
+ */
+
+typedef char
+  *(*CloneKeyFunc)(const char *);
+
+typedef StringInfo
+  *(*CloneValueFunc)(const StringInfo *);
+
+static inline void *CloneProfileKey(void *key)
+{
+  return((void *) ((CloneKeyFunc) ConstantString)((const char *) key));
+}
+
+static inline void *CloneProfileValue(void *value)
+{
+  return((void *) ((CloneValueFunc) CloneStringInfo)((const StringInfo *) value));
+}
+
+ MagickExport MagickBooleanType CloneImageProfiles(Image *image,
+   const Image *clone_image)
+ {
+@@ -157,7 +174,7 @@ MagickExport MagickBooleanType CloneImageProfiles(Image *image,
+       if (image->profiles != (void *) NULL)
+         DestroyImageProfiles(image);
+       image->profiles=CloneSplayTree((SplayTreeInfo *) clone_image->profiles,
+-        (void *(*)(void *)) ConstantString,(void *(*)(void *)) CloneStringInfo);
+        CloneProfileKey,CloneProfileValue);
+     }
+   return(MagickTrue);
+ }
+diff --git a/MagickCore/property.c b/MagickCore/property.c
+index f11e87d8a..f8779f3a1 100644
+--- a/MagickCore/property.c
+++ b/MagickCore/property.c
+@@ -131,6 +131,21 @@
+ %    o clone_image: the clone image.
+ %
+ */
+
+typedef char
+  *(*CloneKeyFunc)(const char *),
+  *(*CloneValueFunc)(const char *);
+
+static inline void *ClonePropertyKey(void *key)
+{
+  return((void *) ((CloneKeyFunc) ConstantString)((const char *) key));
+}
+
+static inline void *ClonePropertyValue(void *value)
+{
+  return((void *) ((CloneValueFunc) ConstantString)((const char *) value));
+}
+
+ MagickExport MagickBooleanType CloneImageProperties(Image *image,
+   const Image *clone_image)
+ {
+@@ -195,8 +210,7 @@ MagickExport MagickBooleanType CloneImageProperties(Image *image,
+       if (image->properties != (void *) NULL)
+         DestroyImageProperties(image);
+       image->properties=CloneSplayTree((SplayTreeInfo *)
+-        clone_image->properties,(void *(*)(void *)) ConstantString,
+-        (void *(*)(void *)) ConstantString);
+        clone_image->properties,ClonePropertyKey,ClonePropertyValue);
+     }
+   return(MagickTrue);
+ }
@@ -19,6 +19,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
           file://CVE-2025-55004.patch \
           file://CVE-2025-55005.patch \
           file://CVE-2025-55154.patch \
+           file://CVE-2025-55160.patch \
           "
 SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"