mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

imagemagick: patch CVE-2025-57807

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57807

Backport the patch that's mentioned in the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari
2026-01-08 11:53:15 +01:00
committed by Anuj Mittal
parent 9d92eeacdf
commit aeb80bb058
2 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-57807.patch
+45
View File
@@ -0,0 +1,45 @@
From c3c9b87cfde14c543c98aa2358da8d4e915715fd Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sun, 24 Aug 2025 12:32:18 -0400
Subject: [PATCH]
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hqfg
CVE: CVE-2025-57807
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
MagickCore/blob.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/MagickCore/blob.c b/MagickCore/blob.c
index d00b0ac57..5ee81a68b 100644
--- a/MagickCore/blob.c
+++ b/MagickCore/blob.c
@@ -1630,7 +1630,7 @@ static inline ssize_t WriteBlobStream(Image *image,const size_t length,
extent=(MagickSizeType) (blob_info->offset+(MagickOffsetType) length);
if (extent >= blob_info->extent)
{
- extent=blob_info->extent+blob_info->quantum+length;
+ extent+=blob_info->quantum+length;
blob_info->quantum<<=1;
if (SetBlobExtent(image,extent) == MagickFalse)
return(0);
@@ -5912,12 +5912,15 @@ MagickExport ssize_t WriteBlob(Image *image,const size_t length,
}
case BlobStream:
{
- if ((blob_info->offset+(MagickOffsetType) length) >=
- (MagickOffsetType) blob_info->extent)
+ MagickSizeType
+ extent;
+
+ extent=(MagickSizeType) (blob_info->offset+(MagickOffsetType) length);
+ if (extent >= blob_info->extent)
{
if (blob_info->mapped != MagickFalse)
return(0);
- blob_info->extent+=length+blob_info->quantum;
+ blob_info->extent=extent+blob_info->quantum+length;
blob_info->quantum<<=1;
blob_info->data=(unsigned char *) ResizeQuantumMemory(
blob_info->data,blob_info->extent+1,sizeof(*blob_info->data));
meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
+1
View File
@@ -22,6 +22,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
file://CVE-2025-55160.patch \
file://CVE-2025-55212.patch \
file://CVE-2025-57803.patch \
file://CVE-2025-57807.patch \
"
SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"