mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

imagemagick: patch CVE-2025-53101

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53101

Backport the patch that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari
2026-01-08 11:53:08 +01:00
committed by Anuj Mittal
parent 482f541705
commit 2d4ca24273
2 changed files with 55 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53101.patch
+54
View File
@@ -0,0 +1,54 @@
From 682d679b300cdcbb0990742c29cd4397fe43c65d Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Fri, 27 Jun 2025 20:02:12 -0400
Subject: [PATCH]
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9
CVE: CVE-2025-53101
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
MagickCore/image.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/MagickCore/image.c b/MagickCore/image.c
index 1b242f828..ca89e9cc4 100644
--- a/MagickCore/image.c
+++ b/MagickCore/image.c
@@ -1665,7 +1665,6 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
canonical;
ssize_t
- field_width,
offset;
canonical=MagickFalse;
@@ -1681,21 +1680,23 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
p++;
continue;
}
- field_width=0;
- if (*q == '0')
- field_width=(ssize_t) strtol(q,&q,10);
switch (*q)
{
case 'd':
case 'o':
case 'x':
{
+ ssize_t
+ count;
+
q++;
c=(*q);
*q='\0';
- (void) FormatLocaleString(filename+(p-format-offset),(size_t)
+ count=FormatLocaleString(filename+(p-format-offset),(size_t)
(MagickPathExtent-(p-format-offset)),p,value);
- offset+=(4-field_width);
+ if ((count <= 0) || (count > (MagickPathExtent-(p-format-offset))))
+ return(0);
+ offset+=(ssize_t) ((q-p)-count);
*q=c;
(void) ConcatenateMagickString(filename,q,MagickPathExtent);
canonical=MagickTrue;
meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
+1
View File
@@ -15,6 +15,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
file://CVE-2025-53014.patch \ file://CVE-2025-53014.patch \
file://CVE-2025-53015.patch \ file://CVE-2025-53015.patch \
file://CVE-2025-53019.patch \ file://CVE-2025-53019.patch \
file://CVE-2025-53101.patch \
" "
SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb" SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"