new file mode 100644
@@ -0,0 +1,25 @@
+From 702a3003f5bcf76ea73d69f4cf8a24da2ef97a4a Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk@lemstra.org>
+Date: Thu, 26 Jun 2025 23:01:07 +0200
+Subject: [PATCH] Correct out of bounds read of a single byte.
+
+CVE: CVE-2025-53014
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ MagickCore/image.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/MagickCore/image.c b/MagickCore/image.c
+index 39d302875..03a5972d0 100644
+--- a/MagickCore/image.c
++++ b/MagickCore/image.c
+@@ -1678,7 +1678,7 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
+ q=(char *) p+1;
+ if (*q == '%')
+ {
+- p=q+1;
++ p++;
+ continue;
+ }
+ field_width=0;
@@ -12,7 +12,9 @@ DEPENDS = "lcms bzip2 jpeg libpng tiff zlib fftw freetype libtool"
BASE_PV = "${@d.getVar('PV').split('-')[0]}"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>([0-9][\.|_|-]?)+)"
-SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https"
+SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https \
+ file://0001-Correct-out-of-bounds-read-of-a-single-byte.patch \
+ "
SRCREV = "a2d96f40e707ba54b57e7d98c3277d3ea6611ace"
S = "${WORKDIR}/git"
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53014 Pick the patch mentioned in the related Github advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- ...-out-of-bounds-read-of-a-single-byte.patch | 25 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1-43.bb | 4 ++- 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/0001-Correct-out-of-bounds-read-of-a-single-byte.patch