[meta-oe,walnascar,11/11] imagemagick: patch CVE-2025-57807

Message ID	20251008205914.598660-11-skandigraun@gmail.com
State	New
Headers	show Return-Path: <skandigraun@gmail.com> ip: 209.85.208.50, mailfrom: skandigraun@gmail.com) From: Gyorgy Sarvari <skandigraun@gmail.com> To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][walnascar][PATCH 11/11] imagemagick: patch CVE-2025-57807 Date: Wed, 8 Oct 2025 22:59:14 +0200 Message-ID: <20251008205914.598660-11-skandigraun@gmail.com> In-Reply-To: <20251008205914.598660-1-skandigraun@gmail.com> References: <20251008205914.598660-1-skandigraun@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-oe,walnascar,01/11] imagemagick: patch CVE-2025-53014 \| expand [meta-oe,walnascar,01/11] imagemagick: patch CVE-2025-53014 [meta-oe,walnascar,02/11] imagemagick: patch CVE-2025-53015 [meta-oe,walnascar,03/11] imagemagick: patch CVE-2025-53019 [meta-oe,walnascar,04/11] imagemagick: patch CVE-2025-53101 [meta-oe,walnascar,05/11] imagemagick: patch CVE-2025-55004 [meta-oe,walnascar,06/11] imagemagick: patch CVE-2025-55005 [meta-oe,walnascar,07/11] imagemagick: patch CVE-2025-55154 [meta-oe,walnascar,08/11] imagemagick: patch CVE-2025-55160 [meta-oe,walnascar,09/11] imagemagick: patch CVE-2025-55212 [meta-oe,walnascar,10/11] imagemagick: patch CVE-2025-57803 [meta-oe,walnascar,11/11] imagemagick: patch CVE-2025-57807

Message ID

20251008205914.598660-11-skandigraun@gmail.com

State

New

Headers

From: Gyorgy Sarvari <skandigraun@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][walnascar][PATCH 11/11] imagemagick: patch CVE-2025-57807
Date: Wed,  8 Oct 2025 22:59:14 +0200
Message-ID: <20251008205914.598660-11-skandigraun@gmail.com>
In-Reply-To: <20251008205914.598660-1-skandigraun@gmail.com>
References: <20251008205914.598660-1-skandigraun@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-oe,walnascar,01/11] imagemagick: patch CVE-2025-53014 | expand

Commit Message

Gyorgy Sarvari Oct. 8, 2025, 8:59 p.m. UTC

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57807

Pick the commit mentioned in the details.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../imagemagick/0001-CVE-2025-57807.patch     | 46 +++++++++++++++++++
 .../imagemagick/imagemagick_7.1.1-43.bb       |  1 +
 2 files changed, 47 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/0001-CVE-2025-57807.patch

diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/0001-CVE-2025-57807.patch b/meta-oe/recipes-support/imagemagick/imagemagick/0001-CVE-2025-57807.patch
new file mode 100644
index 0000000000..6178e31e1c
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/imagemagick/0001-CVE-2025-57807.patch
@@ -0,0 +1,46 @@ 
+From f8e4069153330021aefa6fc7c6c09df2444de021 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Sun, 24 Aug 2025 12:32:18 -0400
+Subject: [PATCH] CVE-2025-57807
+
+https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hqfg
+
+CVE: CVE-2025-57807
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ MagickCore/blob.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/MagickCore/blob.c b/MagickCore/blob.c
+index d00b0ac57..5ee81a68b 100644
+--- a/MagickCore/blob.c
++++ b/MagickCore/blob.c
+@@ -1630,7 +1630,7 @@ static inline ssize_t WriteBlobStream(Image *image,const size_t length,
+   extent=(MagickSizeType) (blob_info->offset+(MagickOffsetType) length);
+   if (extent >= blob_info->extent)
+     {
+-      extent=blob_info->extent+blob_info->quantum+length;
++      extent+=blob_info->quantum+length;
+       blob_info->quantum<<=1;
+       if (SetBlobExtent(image,extent) == MagickFalse)
+         return(0);
+@@ -5912,12 +5912,15 @@ MagickExport ssize_t WriteBlob(Image *image,const size_t length,
+     }
+     case BlobStream:
+     {
+-      if ((blob_info->offset+(MagickOffsetType) length) >=
+-          (MagickOffsetType) blob_info->extent)
++      MagickSizeType
++        extent;
++
++      extent=(MagickSizeType) (blob_info->offset+(MagickOffsetType) length);
++      if (extent >= blob_info->extent)
+         {
+           if (blob_info->mapped != MagickFalse)
+             return(0);
+-          blob_info->extent+=length+blob_info->quantum;
++          blob_info->extent=extent+blob_info->quantum+length;
+           blob_info->quantum<<=1;
+           blob_info->data=(unsigned char *) ResizeQuantumMemory(
+             blob_info->data,blob_info->extent+1,sizeof(*blob_info->data));
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-43.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-43.bb
index 8f6e816060..6e101f061f 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-43.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-43.bb
@@ -24,6 +24,7 @@  SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
            file://0001-CVE-2025-55160.patch \
            file://0001-CVE-2025-55212.patch \
            file://0001-CVE-2025-57803.patch \
+           file://0001-CVE-2025-57807.patch \
            "
 SRCREV = "a2d96f40e707ba54b57e7d98c3277d3ea6611ace"

[meta-oe,walnascar,11/11] imagemagick: patch CVE-2025-57807

Commit Message

Patch