imagemagick: patch CVE-2025-55212

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55212

Backport the patch that is mentioned in the NVD advisory.

Notes about the backport:
The original patch deletes two extra lines compared to the backport:
those lines were a previous attempt[1] to solve the same vulnerability,
and the final patch reverted them. Since that patch wasn't part of the
recipe, those deletions were dropped from the backported patch.

The PerceptibleReciprocal function was renamed[2] to MagickSafeReciprocal
after the recipe's revision, but there were no functional changes
in the function's behavior.

[1]: https://github.com/ImageMagick/ImageMagick/commit/43d92bf855155e8e716ecbb50ed94c2ed41ff9f6
[2]: https://github.com/ImageMagick/ImageMagick/commit/7e5d87fe6e9

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Gyorgy Sarvari
2026-01-08 11:53:13 +01:00
committed by Anuj Mittal
parent 118df68d25
commit 29fa171a9d
2 changed files with 30 additions and 0 deletions
@@ -0,0 +1,29 @@
From 3cc6cf85fbe2d147c7b3d48e53f4e9f081448ae8 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sun, 17 Aug 2025 14:33:44 -0400
Subject: [PATCH]
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw
CVE: CVE-2025-55212
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/5f0bcf986b8b5e90567750d31a37af502b73f2af]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
MagickCore/resize.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/MagickCore/resize.c b/MagickCore/resize.c
index ea6e535f4..298662f8a 100644
--- a/MagickCore/resize.c
+++ b/MagickCore/resize.c
@@ -4624,8 +4624,9 @@ MagickExport Image *ThumbnailImage(const Image *image,const size_t columns,
x_factor,
y_factor;
- x_factor=(ssize_t) image->columns/(ssize_t) columns;
- y_factor=(ssize_t) image->rows/(ssize_t) rows;
+ x_factor=(ssize_t) (image->columns*PerceptibleReciprocal((double)
+ columns));
+ y_factor=(ssize_t) (image->rows*PerceptibleReciprocal((double) rows));
if ((x_factor > 4) && (y_factor > 4))
{
thumbnail_image=SampleImage(clone_image,4*columns,4*rows,exception);
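Review bot: the patch header (the Upstream-Status line and the lines around it) does not record that this backport differs from the upstream commit. The two dropped deletions and the use of PerceptibleReciprocal where upstream now has MagickSafeReciprocal are explained only in the commit message, which does not travel with the .patch file. A short comment next to Upstream-Status stating both deviations would keep that context with the patch. In the changed x_factor and y_factor lines, the product is now computed in double and then cast to ssize_t, so it is worth confirming what PerceptibleReciprocal returns for a columns or rows value of 0 at the recipe's SRCREV, and that the result stays within ssize_t range on 32-bit targets before the cast.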
@@ -20,6 +20,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
file://CVE-2025-55005.patch \
file://CVE-2025-55154.patch \
file://CVE-2025-55160.patch \
file://CVE-2025-55212.patch \
"
SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"