imagemagick: patch CVE-2025-53015

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53015 Backport the patches marked as a solution at the bottom of the relevant github advisory[1]. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-06-13 17:39:57 +00:00 · 2026-01-08 11:53:06 +01:00
parent e9916715c9
commit 7c479d21cd
2 changed files with 52 additions and 0 deletions
@@ -0,0 +1,51 @@
+From dee67b151cf3f25bde758d1fac9a42626715b3e5 Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk@lemstra.org>
+Date: Fri, 2 May 2025 18:33:17 +0200
+Subject: [PATCH] Added extra checks to make sure we don't get stuck in the
+ while loop.
+
+Added missing return.
+
+CVE: CVE-2025-53015
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/229fa96a988a21d78318bbca61245a6ed1ee33a0 and https://github.com/ImageMagick/ImageMagick/commit/38631605e6ab744548a561797472cf8648bcfe26]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ MagickCore/image-private.h |  1 +
+ MagickCore/profile.c       | 12 ++++++++++++
+ 2 files changed, 13 insertions(+)
+
+diff --git a/MagickCore/image-private.h b/MagickCore/image-private.h
+index 4ce71c32c..11dca1072 100644
+--- a/MagickCore/image-private.h
+++ b/MagickCore/image-private.h
+@@ -52,6 +52,7 @@ extern "C" {
+ #define MAGICK_SIZE_MAX  (SIZE_MAX)
+ #define MAGICK_SSIZE_MAX  (SSIZE_MAX)
+ #define MAGICK_SSIZE_MIN  (-SSIZE_MAX-1)
+#define MAGICK_ULONG_MAX  (ULONG_MAX)
+ #define MatteColor  "#bdbdbd"  /* gray */
+ #define MatteColorRGBA  ScaleShortToQuantum(0xbdbd),\
+   ScaleShortToQuantum(0xbdbd),ScaleShortToQuantum(0xbdbd),OpaqueAlpha
+diff --git a/MagickCore/profile.c b/MagickCore/profile.c
+index 7eea1d32f..a68e54f14 100644
+--- a/MagickCore/profile.c
+++ b/MagickCore/profile.c
+@@ -2571,6 +2571,18 @@ static void GetXmpNumeratorAndDenominator(double value,
+   *denominator=1;
+   if (value <= MagickEpsilon)
+     return;
+  if (value > (double) MAGICK_ULONG_MAX)
+    {
+      *numerator = MAGICK_ULONG_MAX;
+      *denominator = 1;
+      return;
+    }
+  if (floor(value) == value)
+    {
+      *numerator = (unsigned long) value;
+      *denominator = 1;
+      return;
+    }
+   *numerator=1;
+   df=1.0;
+   while(fabs(df - value) > MagickEpsilon)
@@ -13,6 +13,7 @@ BASE_PV := "${PV}"
 PV .= "-47"
 SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https \
           file://CVE-2025-53014.patch \
+           file://CVE-2025-53015.patch \
           "
 SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"