diff mbox series

[meta-oe,kirkstone,01/12] ImageMagick: Fix CVE-2025-53014

Message ID 20251120084959.51761-1-Divyanshu.Rathore@bmwtechworks.in
State New
Headers show
Series [meta-oe,kirkstone,01/12] ImageMagick: Fix CVE-2025-53014 | expand

Commit Message

Divyanshu Rathore Nov. 20, 2025, 8:49 a.m. UTC 
From: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>

Backport the fix for CVE-2025-53014

Add below patch to fix CVE-2025-53014
0001-ImageMagick-Fix-CVE-2025-53014.patch

Signed-off-by: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>
---
 .../0001-ImageMagick-Fix-CVE-2025-53014.patch | 32 +++++++++++++++++++
 .../imagemagick/imagemagick_7.0.10.bb         |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/files/0001-ImageMagick-Fix-CVE-2025-53014.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-support/imagemagick/files/0001-ImageMagick-Fix-CVE-2025-53014.patch b/meta-oe/recipes-support/imagemagick/files/0001-ImageMagick-Fix-CVE-2025-53014.patch
new file mode 100644
index 0000000000..1dcfa9d54e
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/files/0001-ImageMagick-Fix-CVE-2025-53014.patch
@@ -0,0 +1,32 @@ 
+From 862fc23489af0d1ade9e1b431d057ec82763dc63 Mon Sep 17 00:00:00 2001
+From: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>
+Date: Mon, 29 Sep 2025 13:56:59 +0530
+Subject: [PATCH 1/6] ImageMagick: Fix CVE-2025-53014
+
+Correct out of bounds read of a single byte.
+CVE: CVE-2025-53014
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03.patch]
+
+Comment: Refreshed hunk to match latest kirkstone
+
+Signed-off-by: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>
+---
+ MagickCore/image.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/MagickCore/image.c b/MagickCore/image.c
+index 34804e522..fe2a1cb5f 100644
+--- a/MagickCore/image.c
++++ b/MagickCore/image.c
+@@ -1661,7 +1661,7 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
+     q=(char *) p+1;
+     if (*q == '%')
+       {
+-        p=q+1;
++        p++;
+         continue;
+       }
+     field_width=0;
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
index ce5489bb3e..e0d584f165 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
@@ -23,6 +23,7 @@  SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
     file://CVE-2023-1289.patch \
     file://CVE-2023-34474.patch \
     file://CVE-2023-5341.patch \
+    file://0001-ImageMagick-Fix-CVE-2025-53014.patch \
 "
 
 SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"