| Message ID | 20250706063626.818120-1-thakur.virendra1810@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-oe,scarthgap] imagemagick: Fix CVE-2022-28463 | expand |
On 7/6/25 2:36 AM, Virendra Thakur wrote: > ImageMagick is vulnerable to Buffer Overflow. > > Reference: https://github.com/ImageMagick/ImageMagick/commit/ca3654ebf7a439dc736f56f083c9aa98e4464b7f The recipe version is for kirkstone. - armin > > Signed-off-by: Virendra Thakur <thakur.virendra1810@gmail.com> > --- > .../imagemagick/files/CVE-2022-28463.patch | 27 +++++++++++++++++++ > .../imagemagick/imagemagick_7.0.10.bb | 5 +++- > 2 files changed, 31 insertions(+), 1 deletion(-) > create mode 100644 meta-oe/recipes-support/imagemagick/files/CVE-2022-28463.patch > > diff --git a/meta-oe/recipes-support/imagemagick/files/CVE-2022-28463.patch b/meta-oe/recipes-support/imagemagick/files/CVE-2022-28463.patch > new file mode 100644 > index 0000000000..c7730957bc > --- /dev/null > +++ b/meta-oe/recipes-support/imagemagick/files/CVE-2022-28463.patch > @@ -0,0 +1,27 @@ > +From ca3654ebf7a439dc736f56f083c9aa98e4464b7f Mon Sep 17 00:00:00 2001 > +From: Cristy <urban-warrior@imagemagick.org> > +Date: Sat, 26 Mar 2022 09:26:57 -0400 > +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/4988 > + > +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/ca3654ebf7a439dc736f56f083c9aa98e4464b7f] > + > +CVE: CVE-2022-28463 > +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> > + > +--- > + coders/cin.c | 2 ++ > + 1 file changed, 2 insertions(+) > + > +diff --git a/coders/cin.c b/coders/cin.c > +index e266e7f3c56..23fc17e0890 100644 > +--- a/coders/cin.c > ++++ b/coders/cin.c > +@@ -451,6 +451,8 @@ static Image *ReadCINImage(const ImageInfo *image_info,ExceptionInfo *exception) > + image->endian=(magick[0] == 0x80) && (magick[1] == 0x2a) && > + (magick[2] == 0x5f) && (magick[3] == 0xd7) ? MSBEndian : LSBEndian; > + cin.file.image_offset=ReadBlobLong(image); > ++ if (cin.file.image_offset < 712) > ++ ThrowReaderException(CorruptImageError,"ImproperImageHeader"); > + offset+=4; > + cin.file.generic_length=ReadBlobLong(image); > + offset+=4; > diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb > index b8167f5a72..db786ea3a5 100644 > --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb > +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb > @@ -11,7 +11,10 @@ DEPENDS = "lcms bzip2 jpeg libpng tiff zlib fftw freetype libtool" > > BASE_PV := "${PV}" > PV .= "-62" > -SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https" > +SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https \ > + file://CVE-2022-28463.patch \ > + " > + > SRCREV = "35b4991eb0939a327f3489988c366e21068b0178" > > S = "${WORKDIR}/git"
diff --git a/meta-oe/recipes-support/imagemagick/files/CVE-2022-28463.patch b/meta-oe/recipes-support/imagemagick/files/CVE-2022-28463.patch new file mode 100644 index 0000000000..c7730957bc --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/CVE-2022-28463.patch @@ -0,0 +1,27 @@ +From ca3654ebf7a439dc736f56f083c9aa98e4464b7f Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Sat, 26 Mar 2022 09:26:57 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/4988 + +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/ca3654ebf7a439dc736f56f083c9aa98e4464b7f] + +CVE: CVE-2022-28463 +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> + +--- + coders/cin.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/coders/cin.c b/coders/cin.c +index e266e7f3c56..23fc17e0890 100644 +--- a/coders/cin.c ++++ b/coders/cin.c +@@ -451,6 +451,8 @@ static Image *ReadCINImage(const ImageInfo *image_info,ExceptionInfo *exception) + image->endian=(magick[0] == 0x80) && (magick[1] == 0x2a) && + (magick[2] == 0x5f) && (magick[3] == 0xd7) ? MSBEndian : LSBEndian; + cin.file.image_offset=ReadBlobLong(image); ++ if (cin.file.image_offset < 712) ++ ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + offset+=4; + cin.file.generic_length=ReadBlobLong(image); + offset+=4; diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index b8167f5a72..db786ea3a5 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb @@ -11,7 +11,10 @@ DEPENDS = "lcms bzip2 jpeg libpng tiff zlib fftw freetype libtool" BASE_PV := "${PV}" PV .= "-62" -SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https" +SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https \ + file://CVE-2022-28463.patch \ + " + SRCREV = "35b4991eb0939a327f3489988c366e21068b0178" S = "${WORKDIR}/git"
ImageMagick is vulnerable to Buffer Overflow. Reference: https://github.com/ImageMagick/ImageMagick/commit/ca3654ebf7a439dc736f56f083c9aa98e4464b7f Signed-off-by: Virendra Thakur <thakur.virendra1810@gmail.com> --- .../imagemagick/files/CVE-2022-28463.patch | 27 +++++++++++++++++++ .../imagemagick/imagemagick_7.0.10.bb | 5 +++- 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-support/imagemagick/files/CVE-2022-28463.patch