mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity

imagemagick: Fix CVE-2025-68950

Browse Source 
ImageMagick is free and open-source software used for editing and
manipulating digital images. Prior to version 7.1.2-12, Magick fails
to check for circular references between two MVGs, leading to a
stack overflow. This is a DoS vulnerability, and any situation that
allows reading the mvg file will be affected.
Version 7.1.2-12 fixes the issue.
This is a minimal patch required for this cve.

Signed-off-by: Naman Jain <namanj1@kpit.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Naman Jain
2026-04-27 12:03:33 +05:30
committed by Gyorgy Sarvari
parent 1c0f533c21
commit 1da9d7f2f9
2 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/imagemagick/files/CVE-2025-68950.patch
+24
View File
@@ -0,0 +1,24 @@
From 204718c2211903949dcfc0df8e65ed066b008dec Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Fri, 26 Dec 2025 11:22:12 -0500
Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7rvh-xqp3-pr8j
Magick fails to check for circular references between two MVGs, leading to a stack overflow.
CVE: CVE-2025-68950
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/204718c2211903949dcfc0df8e65ed066b008dec]
Comment: Refreshed the orignal patch based on 7.0.10-62 version of imagemagick
--- a/MagickCore/draw.c 2026-04-09 13:26:27.935293000 +0530
+++ b/MagickCore/draw.c 2026-04-16 11:52:23.007277997 +0530
@@ -5545,7 +5545,7 @@ MagickExport MagickBooleanType DrawPrimi
clone_info->size=DestroyString(clone_info->size);
if (clone_info->extract != (char *) NULL)
clone_info->extract=DestroyString(clone_info->extract);
- if (*clone_info->filename != '\0')
+ if ((*clone_info->filename != '\0') && (LocaleCompare(clone_info->magick,"mvg") != 0))
composite_images=ReadImage(clone_info,exception);
}
clone_info=DestroyImageInfo(clone_info);
meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
+1
View File
@@ -55,6 +55,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
file://CVE-2026-23874.patch \
file://CVE-2026-23876.patch \
file://CVE-2025-62594.patch \
file://CVE-2025-68950.patch \
"
SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"