mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

ImageMagick: Fix CVE-2025-53019

Browse Source 
Backport the fix for CVE-2025-53019

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c]

Add below patch to fix CVE-2025-53019
0005-ImageMagick-Fix-CVE-2025-53019.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Divyanshu Rathore
2025-12-12 20:29:41 +05:30
committed by Gyorgy Sarvari
parent f0ce346514
commit a1c2509aea
2 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/imagemagick/files/0005-ImageMagick-Fix-CVE-2025-53019.patch
+33
View File
@@ -0,0 +1,33 @@
From c0367e544456895e77661481b76a55ac30d52420 Mon Sep 17 00:00:00 2001
From: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>
Date: Mon, 29 Sep 2025 15:38:57 +0530
Subject: [PATCH 05/18] ImageMagick: Fix CVE-2025-53019
Fixed memory leak when entering StreamImage multiple times.
CVE: CVE-2025-53019
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c.patch]
Comment: Refreshed hunk to match latest kirkstone
Signed-off-by: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>
---
MagickCore/stream.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/MagickCore/stream.c b/MagickCore/stream.c
index 28fa0f25b..bfa29f25e 100644
--- a/MagickCore/stream.c
+++ b/MagickCore/stream.c
@@ -1350,7 +1350,8 @@ MagickExport Image *StreamImage(const ImageInfo *image_info,
assert(exception != (ExceptionInfo *) NULL);
read_info=CloneImageInfo(image_info);
stream_info->image_info=image_info;
- stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL);
+ if (stream_info->quantum_info == (QuantumInfo *) NULL)
+ stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL);
if (stream_info->quantum_info == (QuantumInfo *) NULL)
{
read_info=DestroyImageInfo(read_info);
--
2.34.1
meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
+1
View File
@@ -30,6 +30,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
file://0002-ImageMagick-Fix-CVE-2025-53101.patch \
file://0003-ImageMagick-Fix-CVE-2025-55160.patch \
file://0004-ImageMagick-Fix-CVE-2025-55005.patch \
file://0005-ImageMagick-Fix-CVE-2025-53019.patch \
"
SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"