imagemagick: Fix CVE-2026-23876
Reference: https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8 Signed-off-by: Nitin Wankhade <nitin.wankhade333@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
committed by
Gyorgy Sarvari
parent
6577243d2c
commit
a9b824a500
@@ -0,0 +1,63 @@
|
|||||||
|
From 2fae24192b78fdfdd27d766fd21d90aeac6ea8b8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Dirk Lemstra <dirk@lemstra.org>
|
||||||
|
Date: Sun, 18 Jan 2026 17:54:12 +0100
|
||||||
|
|
||||||
|
Subject: [PATCH] imagemagick: Fix CVE-2026-23876
|
||||||
|
CVE: CVE-2026-23876
|
||||||
|
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8]
|
||||||
|
Signed-off-by: Nitin Wankhade <nitin.wankhade333@gmail.com>
|
||||||
|
===
|
||||||
|
diff --git a/coders/xbm.c b/coders/xbm.c
|
||||||
|
index b036d5e..2d6bc9c 100644
|
||||||
|
--- a/coders/xbm.c
|
||||||
|
+++ b/coders/xbm.c
|
||||||
|
@@ -200,6 +200,10 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception)
|
||||||
|
short int
|
||||||
|
hex_digits[256];
|
||||||
|
|
||||||
|
+ size_t
|
||||||
|
+ bytes_per_line,
|
||||||
|
+ length;
|
||||||
|
+
|
||||||
|
ssize_t
|
||||||
|
y;
|
||||||
|
|
||||||
|
@@ -209,8 +213,6 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception)
|
||||||
|
unsigned int
|
||||||
|
bit,
|
||||||
|
byte,
|
||||||
|
- bytes_per_line,
|
||||||
|
- length,
|
||||||
|
padding,
|
||||||
|
version;
|
||||||
|
|
||||||
|
@@ -340,15 +342,15 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception)
|
||||||
|
if (((image->columns % 16) != 0) && ((image->columns % 16) < 9) &&
|
||||||
|
(version == 10))
|
||||||
|
padding=1;
|
||||||
|
- bytes_per_line=(unsigned int) (image->columns+7)/8+padding;
|
||||||
|
- length=(unsigned int) image->rows;
|
||||||
|
- data=(unsigned char *) AcquireQuantumMemory(length,bytes_per_line*
|
||||||
|
- sizeof(*data));
|
||||||
|
+ bytes_per_line=(image->columns+7)/8+padding;
|
||||||
|
+ if (HeapOverflowSanityCheckGetSize(bytes_per_line,image->rows,&length) != MagickFalse)
|
||||||
|
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
|
||||||
|
+ data=(unsigned char *) AcquireQuantumMemory(length,sizeof(*data));
|
||||||
|
if (data == (unsigned char *) NULL)
|
||||||
|
ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
|
||||||
|
p=data;
|
||||||
|
if (version == 10)
|
||||||
|
- for (i=0; i < (ssize_t) (bytes_per_line*image->rows); (i+=2))
|
||||||
|
+ for (i=0; i < (ssize_t) length; i+=2)
|
||||||
|
{
|
||||||
|
c=XBMInteger(image,hex_digits);
|
||||||
|
if (c < 0)
|
||||||
|
@@ -361,7 +363,7 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception)
|
||||||
|
*p++=(unsigned char) (c >> 8);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
- for (i=0; i < (ssize_t) (bytes_per_line*image->rows); i++)
|
||||||
|
+ for (i=0; i < (ssize_t) length; i++)
|
||||||
|
{
|
||||||
|
c=XBMInteger(image,hex_digits);
|
||||||
|
if (c < 0)
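Review bot: The version-10 loop `for (i=0; i < (ssize_t) length; i+=2)` steps by two and its body can store two bytes per pass (`*p++=(unsigned char) (c >> 8);` is visible as context in the next hunk), while `data` holds exactly `length` bytes, so the bound is only tight if `length` is even on that path, and nothing in the code states that. From the visible padding rule it appears to hold: for version 10, `(image->columns+7)/8+padding` comes out even for every value of `columns % 16`, assuming `padding` is initialised to 0 outside the hunk. I would record the invariant next to the `bytes_per_line` assignment, e.g. `/* version 10 stores 16-bit words; padding keeps bytes_per_line, and so length, even */`. The condition guarding the second store and the rest of ReadXBMImage lie outside the hunks shown, so this should be confirmed against the full file, and since this is a backport the comment is better proposed upstream than carried locally.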
|
||||||
@@ -53,6 +53,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
|
|||||||
file://CVE-2025-68618.patch \
|
file://CVE-2025-68618.patch \
|
||||||
file://CVE-2026-22770.patch \
|
file://CVE-2026-22770.patch \
|
||||||
file://CVE-2026-23874.patch \
|
file://CVE-2026-23874.patch \
|
||||||
|
file://CVE-2026-23876.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"
|
SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"
|
||||||
|
|||||||