mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
imagemagick: patch CVE-2025-55004
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55004 Pick the patch that mentions the related github advisory[1] explicitly in its commit message. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
committed by
Anuj Mittal
parent
2d4ca24273
commit
b32dcf53ce
@@ -0,0 +1,65 @@
|
|||||||
|
From e3b2eba8a84e7c4222bcf1a843c1677b7406db3f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Cristy <urban-warrior@imagemagick.org>
|
||||||
|
Date: Thu, 7 Aug 2025 19:14:00 -0400
|
||||||
|
Subject: [PATCH]
|
||||||
|
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw
|
||||||
|
|
||||||
|
CVE: CVE-2025-55004
|
||||||
|
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/55d97055e00a7bc7ae2776c99824002fbb4a72aa]
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
coders/png.c | 33 ++++++++++-----------------------
|
||||||
|
1 file changed, 10 insertions(+), 23 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/coders/png.c b/coders/png.c
|
||||||
|
index 23a96e4d0..c6fae6283 100644
|
||||||
|
--- a/coders/png.c
|
||||||
|
+++ b/coders/png.c
|
||||||
|
@@ -4785,37 +4785,24 @@ static Image *ReadOneJNGImage(MngReadInfo *mng_info,
|
||||||
|
jng_image=ReadImage(alpha_image_info,exception);
|
||||||
|
|
||||||
|
if (jng_image != (Image *) NULL)
|
||||||
|
- for (y=0; y < (ssize_t) image->rows; y++)
|
||||||
|
{
|
||||||
|
- s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception);
|
||||||
|
- q=GetAuthenticPixels(image,0,y,image->columns,1,exception);
|
||||||
|
- if ((s == (const Quantum *) NULL) || (q == (Quantum *) NULL))
|
||||||
|
- break;
|
||||||
|
+ image->alpha_trait=BlendPixelTrait;
|
||||||
|
+ for (y=0; y < (ssize_t) image->rows; y++)
|
||||||
|
+ {
|
||||||
|
+ s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception);
|
||||||
|
+ q=GetAuthenticPixels(image,0,y,image->columns,1,exception);
|
||||||
|
+ if ((s == (const Quantum *) NULL) || (q == (Quantum *) NULL))
|
||||||
|
+ break;
|
||||||
|
|
||||||
|
- if (image->alpha_trait != UndefinedPixelTrait)
|
||||||
|
for (x=(ssize_t) image->columns; x != 0; x--)
|
||||||
|
{
|
||||||
|
SetPixelAlpha(image,GetPixelRed(jng_image,s),q);
|
||||||
|
q+=(ptrdiff_t) GetPixelChannels(image);
|
||||||
|
s+=(ptrdiff_t) GetPixelChannels(jng_image);
|
||||||
|
}
|
||||||
|
-
|
||||||
|
- else
|
||||||
|
- for (x=(ssize_t) image->columns; x != 0; x--)
|
||||||
|
- {
|
||||||
|
- Quantum
|
||||||
|
- alpha;
|
||||||
|
-
|
||||||
|
- alpha=GetPixelRed(jng_image,s);
|
||||||
|
- SetPixelAlpha(image,alpha,q);
|
||||||
|
- if (alpha != OpaqueAlpha)
|
||||||
|
- image->alpha_trait=BlendPixelTrait;
|
||||||
|
- q+=(ptrdiff_t) GetPixelChannels(image);
|
||||||
|
- s+=(ptrdiff_t) GetPixelChannels(jng_image);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if (SyncAuthenticPixels(image,exception) == MagickFalse)
|
||||||
|
- break;
|
||||||
|
+ if (SyncAuthenticPixels(image,exception) == MagickFalse)
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
(void) RelinquishUniqueFileResource(alpha_image->filename);
|
||||||
|
alpha_image=DestroyImageList(alpha_image);
|
||||||
@@ -16,6 +16,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
|
|||||||
file://CVE-2025-53015.patch \
|
file://CVE-2025-53015.patch \
|
||||||
file://CVE-2025-53019.patch \
|
file://CVE-2025-53019.patch \
|
||||||
file://CVE-2025-53101.patch \
|
file://CVE-2025-53101.patch \
|
||||||
|
file://CVE-2025-55004.patch \
|
||||||
"
|
"
|
||||||
SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
|
SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user