ImageMagick: Fix CVE-2025-55005

Backport the fix for CVE-2025-55005 Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57] Add below patch to fix 0004-ImageMagick-Fix-CVE-2025-55005.patch Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-06-14 05:49:57 +00:00 · 2025-12-12 20:29:40 +05:30
parent 7b1c9fa6fb
commit f0ce346514
2 changed files with 41 additions and 0 deletions
@@ -0,0 +1,40 @@
+From d16c2ff3b34a4785f089e956d2adfc5108fd63a8 Mon Sep 17 00:00:00 2001
+From: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>
+Date: Fri, 3 Oct 2025 17:40:59 +0530
+Subject: [PATCH 04/18] ImageMagick: Fix CVE-2025-55005
+
+CVE: CVE-2025-55005
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57]
+Reference: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp
+
+Comment: Refreshed hunk to match latest kirkstone
+
+Signed-off-by: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>
+---
+ MagickCore/colorspace.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c
+index 2ffc72f88..0aeba03f8 100644
+--- a/MagickCore/colorspace.c
+++ b/MagickCore/colorspace.c
+@@ -2493,10 +2493,16 @@ static MagickBooleanType TransformsRGBImage(Image *image,
+       value=GetImageProperty(image,"reference-black",exception);
+       if (value != (const char *) NULL)
+         reference_black=StringToDouble(value,(char **) NULL);
+      if (reference_black > 1024.0)
+        reference_black=1024.0;
+       reference_white=ReferenceWhite;
+       value=GetImageProperty(image,"reference-white",exception);
+       if (value != (const char *) NULL)
+         reference_white=StringToDouble(value,(char **) NULL);
+      if (reference_white > 1024.0)
+        reference_white=1024.0;
+      if (reference_black > reference_white)
+        reference_black=reference_white;
+       logmap=(Quantum *) AcquireQuantumMemory((size_t) MaxMap+1UL,
+         sizeof(*logmap));
+       if (logmap == (Quantum *) NULL)
+-- 
+2.34.1
+
@@ -29,6 +29,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
    file://0001-ImageMagick-Fix-CVE-2025-53014.patch \
    file://0002-ImageMagick-Fix-CVE-2025-53101.patch \
    file://0003-ImageMagick-Fix-CVE-2025-55160.patch \
+    file://0004-ImageMagick-Fix-CVE-2025-55005.patch \
 "

 SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"