diff mbox series

[meta-oe,walnascar,06/11] imagemagick: patch CVE-2025-55005

Message ID 20251008205914.598660-6-skandigraun@gmail.com
State New
Headers show
Series [meta-oe,walnascar,01/11] imagemagick: patch CVE-2025-53014 | expand

Commit Message

Gyorgy Sarvari Oct. 8, 2025, 8:59 p.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55005

Pick the patch that mentions the relevant github advisory in its commit message.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../imagemagick/0001-CVE-2025-55005.patch     | 36 +++++++++++++++++++
 .../imagemagick/imagemagick_7.1.1-43.bb       |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/0001-CVE-2025-55005.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/0001-CVE-2025-55005.patch b/meta-oe/recipes-support/imagemagick/imagemagick/0001-CVE-2025-55005.patch
new file mode 100644
index 0000000000..7f7b5537d4
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/imagemagick/0001-CVE-2025-55005.patch
@@ -0,0 +1,36 @@ 
+From 75a044ff3d4b356a5a4c2100b907c3fadcd20ef5 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Thu, 7 Aug 2025 22:05:10 -0400
+Subject: [PATCH] CVE-2025-55005
+
+https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp
+
+CVE: CVE-2025-55005
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ MagickCore/colorspace.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c
+index baeeb43dd..e18009f30 100644
+--- a/MagickCore/colorspace.c
++++ b/MagickCore/colorspace.c
+@@ -2397,10 +2397,16 @@ static MagickBooleanType TransformsRGBImage(Image *image,
+       value=GetImageProperty(image,"reference-black",exception);
+       if (value != (const char *) NULL)
+         reference_black=StringToDouble(value,(char **) NULL);
++      if (reference_black > 1024.0)
++        reference_black=1024.0;
+       reference_white=ReferenceWhite;
+       value=GetImageProperty(image,"reference-white",exception);
+       if (value != (const char *) NULL)
+         reference_white=StringToDouble(value,(char **) NULL);
++      if (reference_white > 1024.0)
++        reference_white=1024.0;
++      if (reference_black > reference_white)
++        reference_black=reference_white;
+       logmap=(Quantum *) AcquireQuantumMemory((size_t) MaxMap+1UL,
+         sizeof(*logmap));
+       if (logmap == (Quantum *) NULL)
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-43.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-43.bb
index 570d162fd4..690f3d27aa 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-43.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-43.bb
@@ -19,6 +19,7 @@  SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
            file://0001-Fixed-memory-leak-when-entering-StreamImage-multiple.patch \
            file://0001-https-github.com-ImageMagick-ImageMagick-security-ad.patch \
            file://0001-CVE-2025-55004.patch \
+           file://0001-CVE-2025-55005.patch \
            "
 SRCREV = "a2d96f40e707ba54b57e7d98c3277d3ea6611ace"