imagemagick: patch CVE-2025-62171

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-62171 Pick the patch that's mentioned by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-06-14 05:49:57 +00:00 · 2026-01-08 11:53:16 +01:00
parent aeb80bb058
commit 24e4caa837
2 changed files with 27 additions and 0 deletions
@@ -0,0 +1,26 @@
+From 9214d0e007656d5385d51f31b215cc54225aab3c Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk@lemstra.org>
+Date: Sun, 12 Oct 2025 20:43:14 +0200
+Subject: [PATCH] Added extra check to resolve issue on 32-bit systems
+ (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm)
+
+CVE: CVE-2025-62171
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ coders/bmp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/coders/bmp.c b/coders/bmp.c
+index 5c75e7f23..7647a0296 100644
+--- a/coders/bmp.c
+++ b/coders/bmp.c
+@@ -1116,6 +1116,8 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception)
+       ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+     if (bmp_info.compression == BI_RLE4)
+       bmp_info.bits_per_pixel<<=1;
+    if (BMPOverflowCheck(image->columns,bmp_info.bits_per_pixel) != MagickFalse)
+      ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+     extent=image->columns*bmp_info.bits_per_pixel;
+     bytes_per_line=4*((extent+31)/32);
+     if (BMPOverflowCheck(bytes_per_line,image->rows) != MagickFalse)
@@ -23,6 +23,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
           file://CVE-2025-55212.patch \
           file://CVE-2025-57803.patch \
           file://CVE-2025-57807.patch \
+           file://CVE-2025-62171.patch \
           "
 SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"