imagemagick: patch CVE-2025-55154

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55154 Pick the patch that mentions the related github advisory[1] in its commit message. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-06-14 05:49:57 +00:00 · 2026-01-08 11:53:11 +01:00
parent df19121bc6
commit dd13a60248
2 changed files with 80 additions and 0 deletions
@@ -0,0 +1,79 @@
+From 963d61bbea3facd347262316201f3b8b7e3dc470 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Sat, 9 Aug 2025 08:28:23 -0400
+Subject: [PATCH] 
+ https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82
+
+CVE: CVE-2025-55154
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/db986e4782e9f6cc42a0e50151dc4fe43641b337]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ coders/png.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/coders/png.c b/coders/png.c
+index c6fae6283..0191c6f1f 100644
+--- a/coders/png.c
+++ b/coders/png.c
+@@ -6398,19 +6398,19 @@ static Image *ReadOneMNGImage(MngReadInfo* mng_info,
+               mng_info->magn_methy = 1;
+             if (mng_info->magn_methx == 1)
+               {
+-                magnified_width=mng_info->magn_ml;
+                magnified_width=(size_t) mng_info->magn_ml;
+ 
+                 if (image->columns > 1)
+                    magnified_width += mng_info->magn_mr;
+ 
+                 if (image->columns > 2)
+-                   magnified_width += (png_uint_32)
+                   magnified_width += (size_t)
+                       ((image->columns-2)*(mng_info->magn_mx));
+               }
+ 
+             else
+               {
+-                magnified_width=(png_uint_32) image->columns;
+                magnified_width=(size_t) image->columns;
+ 
+                 if (image->columns > 1)
+                    magnified_width += mng_info->magn_ml-1;
+@@ -6419,25 +6419,25 @@ static Image *ReadOneMNGImage(MngReadInfo* mng_info,
+                    magnified_width += mng_info->magn_mr-1;
+ 
+                 if (image->columns > 3)
+-                   magnified_width += (png_uint_32)
+                   magnified_width += (size_t)
+                       ((image->columns-3)*(mng_info->magn_mx-1));
+               }
+ 
+             if (mng_info->magn_methy == 1)
+               {
+-                magnified_height=mng_info->magn_mt;
+                magnified_height=(size_t) mng_info->magn_mt;
+ 
+                 if (image->rows > 1)
+                    magnified_height += mng_info->magn_mb;
+ 
+                 if (image->rows > 2)
+-                   magnified_height += (png_uint_32)
+                   magnified_height += (size_t)
+                       ((image->rows-2)*(mng_info->magn_my));
+               }
+ 
+             else
+               {
+-                magnified_height=(png_uint_32) image->rows;
+                magnified_height=(size_t) image->rows;
+ 
+                 if (image->rows > 1)
+                    magnified_height += mng_info->magn_mt-1;
+@@ -6446,7 +6446,7 @@ static Image *ReadOneMNGImage(MngReadInfo* mng_info,
+                    magnified_height += mng_info->magn_mb-1;
+ 
+                 if (image->rows > 3)
+-                   magnified_height += (png_uint_32)
+                   magnified_height += (size_t)
+                       ((image->rows-3)*(mng_info->magn_my-1));
+               }
+ 
@@ -18,6 +18,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
           file://CVE-2025-53101.patch \
           file://CVE-2025-55004.patch \
           file://CVE-2025-55005.patch \
+           file://CVE-2025-55154.patch \
           "
 SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"