ImageMagick: Fix CVE-2025-53014

Backport the fix for CVE-2025-53014 Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03] Add below patch to fix CVE-2025-53014 0001-ImageMagick-Fix-CVE-2025-53014.patch Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-06-13 17:39:57 +00:00 · 2025-12-12 20:29:37 +05:30
parent cac725f7d2
commit 520f64ef3c
2 changed files with 33 additions and 0 deletions
@@ -0,0 +1,32 @@
+From a16d86759bd9171fca247c4e764ffeeeb7232d9b Mon Sep 17 00:00:00 2001
+From: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>
+Date: Mon, 29 Sep 2025 13:56:59 +0530
+Subject: [PATCH 01/18] ImageMagick: Fix CVE-2025-53014
+
+Correct out of bounds read of a single byte.
+CVE: CVE-2025-53014
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03.patch]
+
+Comment: Refreshed hunk to match latest kirkstone
+
+Signed-off-by: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>
+---
+ MagickCore/image.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/MagickCore/image.c b/MagickCore/image.c
+index 34804e522..fe2a1cb5f 100644
+--- a/MagickCore/image.c
+++ b/MagickCore/image.c
+@@ -1661,7 +1661,7 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
+     q=(char *) p+1;
+     if (*q == '%')
+       {
+-        p=q+1;
+        p++;
+         continue;
+       }
+     field_width=0;
+-- 
+2.34.1
+
@@ -26,6 +26,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
    file://CVE-2023-34474.patch \
    file://CVE-2023-5341.patch \
    file://CVE-2022-28463.patch \
+    file://0001-ImageMagick-Fix-CVE-2025-53014.patch \
 "

 SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"