diff mbox series

[meta-oe,kirkstone,04/12] ImageMagick: Fix CVE-2025-55005

Message ID 20251120084959.51761-4-Divyanshu.Rathore@bmwtechworks.in
State New
Headers show
Series [meta-oe,kirkstone,01/12] ImageMagick: Fix CVE-2025-53014 | expand

Commit Message

Divyanshu Rathore Nov. 20, 2025, 8:49 a.m. UTC 
From: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>

Backport the fix for CVE-2025-55005

Add below patch to fix
0004-ImageMagick-Fix-CVE-2025-55005.patch

Signed-off-by: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>
---
 .../0004-ImageMagick-Fix-CVE-2025-55005.patch | 40 +++++++++++++++++++
 .../imagemagick/imagemagick_7.0.10.bb         |  1 +
 2 files changed, 41 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/files/0004-ImageMagick-Fix-CVE-2025-55005.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-support/imagemagick/files/0004-ImageMagick-Fix-CVE-2025-55005.patch b/meta-oe/recipes-support/imagemagick/files/0004-ImageMagick-Fix-CVE-2025-55005.patch
new file mode 100644
index 0000000000..dba99452ae
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/files/0004-ImageMagick-Fix-CVE-2025-55005.patch
@@ -0,0 +1,40 @@ 
+From 5e055e54cd9707e965fc9e7f4d87f47faa6c0074 Mon Sep 17 00:00:00 2001
+From: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>
+Date: Fri, 3 Oct 2025 17:40:59 +0530
+Subject: [PATCH 4/6] ImageMagick: Fix CVE-2025-55005
+
+CVE: CVE-2025-55005
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57]
+Reference: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp
+
+Comment: Refreshed hunk to match latest kirkstone
+
+Signed-off-by: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>
+---
+ MagickCore/colorspace.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c
+index 2ffc72f88..0aeba03f8 100644
+--- a/MagickCore/colorspace.c
++++ b/MagickCore/colorspace.c
+@@ -2493,10 +2493,16 @@ static MagickBooleanType TransformsRGBImage(Image *image,
+       value=GetImageProperty(image,"reference-black",exception);
+       if (value != (const char *) NULL)
+         reference_black=StringToDouble(value,(char **) NULL);
++      if (reference_black > 1024.0)
++        reference_black=1024.0;
+       reference_white=ReferenceWhite;
+       value=GetImageProperty(image,"reference-white",exception);
+       if (value != (const char *) NULL)
+         reference_white=StringToDouble(value,(char **) NULL);
++      if (reference_white > 1024.0)
++        reference_white=1024.0;
++      if (reference_black > reference_white)
++        reference_black=reference_white;
+       logmap=(Quantum *) AcquireQuantumMemory((size_t) MaxMap+1UL,
+         sizeof(*logmap));
+       if (logmap == (Quantum *) NULL)
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
index f41e471f0e..224f55d03b 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
@@ -26,6 +26,7 @@  SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
     file://0001-ImageMagick-Fix-CVE-2025-53014.patch \
     file://0002-ImageMagick-Fix-CVE-2025-53101.patch \
     file://0003-ImageMagick-Fix-CVE-2025-55160.patch \
+    file://0004-ImageMagick-Fix-CVE-2025-55005.patch \
 "
 
 SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"