new file mode 100644
@@ -0,0 +1,165 @@
+From 4335d1fe991e77dd6279e7adfbe5d976dc769c24 Mon Sep 17 00:00:00 2001
+From: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>
+Date: Fri, 3 Oct 2025 20:36:28 +0530
+Subject: [PATCH 3/6] ImageMagick: Fix CVE-2025-55160
+
+CVE: CVE-2025-55160
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/63d8769dd6a8f32f4096c71be9e08a2c081e47da]
+Reference: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x
+
+Comment: Refreshed hunk to match latest kirkstone
+
+Signed-off-by: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>
+---
+ MagickCore/artifact.c | 17 ++++++++++++++++-
+ MagickCore/option.c | 17 ++++++++++++++++-
+ MagickCore/profile.c | 19 ++++++++++++++++++-
+ MagickCore/property.c | 18 ++++++++++++++++--
+ 4 files changed, 66 insertions(+), 5 deletions(-)
+
+diff --git a/MagickCore/artifact.c b/MagickCore/artifact.c
+index 0c376ed98..a27ebb8ec 100644
+--- a/MagickCore/artifact.c
++++ b/MagickCore/artifact.c
+@@ -99,6 +99,21 @@
+ % o clone_image: the source image for artifacts to clone.
+ %
+ */
++
++typedef char
++ *(*CloneKeyFunc)(const char *),
++ *(*CloneValueFunc)(const char *);
++
++static inline void *CloneArtifactKey(void *key)
++{
++ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key));
++}
++
++static inline void *CloneArtifactValue(void *value)
++{
++ return((void *) ((CloneValueFunc) ConstantString)((const char *) value));
++}
++
+ MagickExport MagickBooleanType CloneImageArtifacts(Image *image,
+ const Image *clone_image)
+ {
+@@ -116,7 +131,7 @@ MagickExport MagickBooleanType CloneImageArtifacts(Image *image,
+ if (image->artifacts != (void *) NULL)
+ DestroyImageArtifacts(image);
+ image->artifacts=CloneSplayTree((SplayTreeInfo *) clone_image->artifacts,
+- (void *(*)(void *)) ConstantString,(void *(*)(void *)) ConstantString);
++ CloneArtifactKey,CloneArtifactValue);
+ }
+ return(MagickTrue);
+ }
+diff --git a/MagickCore/option.c b/MagickCore/option.c
+index 99b43ac93..7047cf207 100644
+--- a/MagickCore/option.c
++++ b/MagickCore/option.c
+@@ -2187,6 +2187,21 @@ static const OptionInfo
+ % o clone_info: the source image info for options to clone.
+ %
+ */
++
++typedef char
++ *(*CloneKeyFunc)(const char *),
++ *(*CloneValueFunc)(const char *);
++
++static inline void *CloneOptionKey(void *key)
++{
++ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key));
++}
++
++static inline void *CloneOptionValue(void *value)
++{
++ return((void *) ((CloneValueFunc) ConstantString)((const char *) value));
++}
++
+ MagickExport MagickBooleanType CloneImageOptions(ImageInfo *image_info,
+ const ImageInfo *clone_info)
+ {
+@@ -2202,7 +2217,7 @@ MagickExport MagickBooleanType CloneImageOptions(ImageInfo *image_info,
+ if (image_info->options != (void *) NULL)
+ DestroyImageOptions(image_info);
+ image_info->options=CloneSplayTree((SplayTreeInfo *) clone_info->options,
+- (void *(*)(void *)) ConstantString,(void *(*)(void *)) ConstantString);
++ CloneOptionKey,CloneOptionValue);
+ }
+ return(MagickTrue);
+ }
+diff --git a/MagickCore/profile.c b/MagickCore/profile.c
+index d8924f7e2..254a11b77 100644
+--- a/MagickCore/profile.c
++++ b/MagickCore/profile.c
+@@ -149,6 +149,23 @@ typedef struct _CMSExceptionInfo
+ % o clone_image: the clone image.
+ %
+ */
++
++typedef char
++ *(*CloneKeyFunc)(const char *);
++
++typedef StringInfo
++ *(*CloneValueFunc)(const StringInfo *);
++
++static inline void *CloneProfileKey(void *key)
++{
++ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key));
++}
++
++static inline void *CloneProfileValue(void *value)
++{
++ return((void *) ((CloneValueFunc) CloneStringInfo)((const StringInfo *) value));
++}
++
+ MagickExport MagickBooleanType CloneImageProfiles(Image *image,
+ const Image *clone_image)
+ {
+@@ -163,7 +180,7 @@ MagickExport MagickBooleanType CloneImageProfiles(Image *image,
+ if (image->profiles != (void *) NULL)
+ DestroyImageProfiles(image);
+ image->profiles=CloneSplayTree((SplayTreeInfo *) clone_image->profiles,
+- (void *(*)(void *)) ConstantString,(void *(*)(void *)) CloneStringInfo);
++ CloneProfileKey,CloneProfileValue);
+ }
+ return(MagickTrue);
+ }
+diff --git a/MagickCore/property.c b/MagickCore/property.c
+index 9626d079e..1b42adaee 100644
+--- a/MagickCore/property.c
++++ b/MagickCore/property.c
+@@ -131,6 +131,21 @@
+ % o clone_image: the clone image.
+ %
+ */
++
++typedef char
++ *(*CloneKeyFunc)(const char *),
++ *(*CloneValueFunc)(const char *);
++
++static inline void *ClonePropertyKey(void *key)
++{
++ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key));
++}
++
++static inline void *ClonePropertyValue(void *value)
++{
++ return((void *) ((CloneValueFunc) ConstantString)((const char *) value));
++}
++
+ MagickExport MagickBooleanType CloneImageProperties(Image *image,
+ const Image *clone_image)
+ {
+@@ -194,8 +209,7 @@ MagickExport MagickBooleanType CloneImageProperties(Image *image,
+ if (image->properties != (void *) NULL)
+ DestroyImageProperties(image);
+ image->properties=CloneSplayTree((SplayTreeInfo *)
+- clone_image->properties,(void *(*)(void *)) ConstantString,
+- (void *(*)(void *)) ConstantString);
++ clone_image->properties,ClonePropertyKey,ClonePropertyValue);
+ }
+ return(MagickTrue);
+ }
+--
+2.34.1
+
@@ -25,6 +25,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
file://CVE-2023-5341.patch \
file://0001-ImageMagick-Fix-CVE-2025-53014.patch \
file://0002-ImageMagick-Fix-CVE-2025-53101.patch \
+ file://0003-ImageMagick-Fix-CVE-2025-55160.patch \
"
SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"