mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-01-12 03:24:08 +00:00
Code Issues Projects Releases Wiki Activity

imagemagick: patch CVE-2025-55005

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55005

Pick the patch that mentions the relevant github advisory in its commit message.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari
2025-10-08 22:59:09 +02:00
parent 75923b59dc
commit ccc4bcf76f
2 changed files with 37 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
meta-oe/recipes-support/imagemagick/imagemagick/0001-CVE-2025-55005.patch Normal file
View File

@@ -0,0 +1,36 @@
From 75a044ff3d4b356a5a4c2100b907c3fadcd20ef5 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Thu, 7 Aug 2025 22:05:10 -0400
Subject: [PATCH] CVE-2025-55005
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp
CVE: CVE-2025-55005
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
MagickCore/colorspace.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c
index baeeb43dd..e18009f30 100644
--- a/MagickCore/colorspace.c
+++ b/MagickCore/colorspace.c
@@ -2397,10 +2397,16 @@ static MagickBooleanType TransformsRGBImage(Image *image,
value=GetImageProperty(image,"reference-black",exception);
if (value != (const char *) NULL)
reference_black=StringToDouble(value,(char **) NULL);
+ if (reference_black > 1024.0)
+ reference_black=1024.0;
reference_white=ReferenceWhite;
value=GetImageProperty(image,"reference-white",exception);
if (value != (const char *) NULL)
reference_white=StringToDouble(value,(char **) NULL);
+ if (reference_white > 1024.0)
+ reference_white=1024.0;
+ if (reference_black > reference_white)
+ reference_black=reference_white;
logmap=(Quantum *) AcquireQuantumMemory((size_t) MaxMap+1UL,
sizeof(*logmap));
if (logmap == (Quantum *) NULL)

1
meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-43.bb
View File

@@ -19,6 +19,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
file://0001-Fixed-memory-leak-when-entering-StreamImage-multiple.patch \
file://0001-https-github.com-ImageMagick-ImageMagick-security-ad.patch \
file://0001-CVE-2025-55004.patch \
file://0001-CVE-2025-55005.patch \
"
SRCREV = "a2d96f40e707ba54b57e7d98c3277d3ea6611ace"