mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity

imagemagick: patch CVE-2025-68618

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68618

Backport the commit that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari
2026-03-11 20:04:16 +01:00
committed by Anuj Mittal
parent 14bb7501b0
commit 8d896ff2ae
2 changed files with 110 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-68618.patch
+109
View File
@@ -0,0 +1,109 @@
From 68f99b5094315eb3b4020f01bf9fab9a7c5c40a1 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sun, 21 Dec 2025 12:43:08 -0500
Subject: [PATCH]
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637
CVE: CVE-2025-68618
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
coders/msl.c | 24 ++++++++++++++++--------
coders/svg.c | 8 +++++++-
2 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/coders/msl.c b/coders/msl.c
index dc7a8bfd8..80468b1ff 100644
--- a/coders/msl.c
+++ b/coders/msl.c
@@ -120,6 +120,7 @@ typedef struct _MSLInfo
*exception;
ssize_t
+ depth,
n,
number_groups;
@@ -328,6 +329,10 @@ static void MSLStartElement(void *context,const xmlChar *tag,
RectangleInfo
geometry;
+ size_t
+ height,
+ width;
+
ssize_t
i,
j,
@@ -336,11 +341,6 @@ static void MSLStartElement(void *context,const xmlChar *tag,
x,
y;
-
- size_t
- height,
- width;
-
xmlParserCtxtPtr
parser;
@@ -352,6 +352,13 @@ static void MSLStartElement(void *context,const xmlChar *tag,
exception=AcquireExceptionInfo();
parser=(xmlParserCtxtPtr) context;
msl_info=(MSLInfo *) parser->_private;
+ if (msl_info->depth++ >= MagickMaxRecursionDepth)
+ {
+ (void) ThrowMagickException(msl_info->exception,GetMagickModule(),
+ DrawError,"VectorGraphicsNestedTooDeeply","`%s'",tag);
+ xmlStopParser((xmlParserCtxtPtr) context);
+ return;
+ }
n=msl_info->n;
keyword=(const char *) NULL;
value=(char *) NULL;
@@ -7057,15 +7064,15 @@ static void MSLStartElement(void *context,const xmlChar *tag,
static void MSLEndElement(void *context,const xmlChar *tag)
{
- ssize_t
- n;
-
MSLInfo
*msl_info;
xmlParserCtxtPtr
parser;
+ ssize_t
+ n;
+
/*
Called when the end of an element has been detected.
*/
@@ -7158,6 +7165,7 @@ static void MSLEndElement(void *context,const xmlChar *tag)
}
if (msl_info->content != (char *) NULL)
msl_info->content=DestroyString(msl_info->content);
+ msl_info->depth--;
}
static void MSLCharacters(void *context,const xmlChar *c,int length)
diff --git a/coders/svg.c b/coders/svg.c
index b1ac0783d..6a069745f 100644
--- a/coders/svg.c
+++ b/coders/svg.c
@@ -1249,7 +1249,13 @@ static void SVGStartElement(void *context,const xmlChar *name,
name);
parser=(xmlParserCtxtPtr) context;
svg_info=(SVGInfo *) parser->_private;
- svg_info->n++;
+ if (svg_info->n++ > MagickMaxRecursionDepth)
+ {
+ (void) ThrowMagickException(svg_info->exception,GetMagickModule(),
+ DrawError,"VectorGraphicsNestedTooDeeply","`%s'",name);
+ xmlStopParser((xmlParserCtxtPtr) context);
+ return;
+ }
svg_info->scale=(double *) ResizeQuantumMemory(svg_info->scale,(size_t)
svg_info->n+1,sizeof(*svg_info->scale));
if (svg_info->scale == (double *) NULL)
meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
+1
View File
@@ -26,6 +26,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
file://CVE-2025-62171.patch \
file://CVE-2025-65955.patch \
file://CVE-2025-66628.patch \
file://CVE-2025-68618.patch \
"
SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"