diff mbox series

[meta-oe,scarthgap,11/15] imagemagick: patch CVE-2025-55212

Message ID 20260108105317.460246-11-skandigraun@gmail.com
State New
Headers show
Series [meta-oe,scarthgap,01/15] imagemagick: upgrade 7.1.1-26 -> 7.1.1-47 | expand

Commit Message

Gyorgy Sarvari Jan. 8, 2026, 10:53 a.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55212

Backport the patch that is mentioned in the NVD advisory.

Notes about the backport:
The original patch deletes two extra lines compared to the backport:
those lines were a previous attempt[1] to solve the same vulnerability,
and the final patch reverted them. Since that patch wasn't part of the
recipe, those deletions were dropped from the backported patch.

The PerceptibleReciprocal function was renamed[2] to MagickSafeReciprocal
after the recipe's revision, but there were no functional changes
in the function's behavior.

[1]: https://github.com/ImageMagick/ImageMagick/commit/43d92bf855155e8e716ecbb50ed94c2ed41ff9f6
[2]: https://github.com/ImageMagick/ImageMagick/commit/7e5d87fe6e9

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../imagemagick/CVE-2025-55212.patch          | 29 +++++++++++++++++++
 .../imagemagick/imagemagick_7.1.1.bb          |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55212.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55212.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55212.patch
new file mode 100644
index 0000000000..40a1b6fc4d
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55212.patch
@@ -0,0 +1,29 @@ 
+From 3cc6cf85fbe2d147c7b3d48e53f4e9f081448ae8 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Sun, 17 Aug 2025 14:33:44 -0400
+Subject: [PATCH] 
+ https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw
+
+CVE: CVE-2025-55212
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/5f0bcf986b8b5e90567750d31a37af502b73f2af]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ MagickCore/resize.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/MagickCore/resize.c b/MagickCore/resize.c
+index ea6e535f4..298662f8a 100644
+--- a/MagickCore/resize.c
++++ b/MagickCore/resize.c
+@@ -4624,8 +4624,9 @@ MagickExport Image *ThumbnailImage(const Image *image,const size_t columns,
+         x_factor,
+         y_factor;
+ 
+-      x_factor=(ssize_t) image->columns/(ssize_t) columns;
+-      y_factor=(ssize_t) image->rows/(ssize_t) rows;
++      x_factor=(ssize_t) (image->columns*PerceptibleReciprocal((double) 
++        columns));
++      y_factor=(ssize_t) (image->rows*PerceptibleReciprocal((double) rows));
+       if ((x_factor > 4) && (y_factor > 4))
+         {
+           thumbnail_image=SampleImage(clone_image,4*columns,4*rows,exception);
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
index 5e9561291c..b299f0d2b6 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
@@ -20,6 +20,7 @@  SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
            file://CVE-2025-55005.patch \
            file://CVE-2025-55154.patch \
            file://CVE-2025-55160.patch \
+           file://CVE-2025-55212.patch \
            "
 SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"