new file mode 100644
@@ -0,0 +1,26 @@
+From 4e32e83e3f57d110b56641f12cc5ed7d007dce29 Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk@lemstra.org>
+Date: Fri, 27 Jun 2025 14:51:57 +0200
+Subject: [PATCH] Fixed memory leak when entering StreamImage multiple times.
+
+CVE: CVE-2025-53019
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ MagickCore/stream.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/MagickCore/stream.c b/MagickCore/stream.c
+index 786dabb52..22a0c9eee 100644
+--- a/MagickCore/stream.c
++++ b/MagickCore/stream.c
+@@ -1321,7 +1321,8 @@ MagickExport Image *StreamImage(const ImageInfo *image_info,
+ image_info->filename);
+ read_info=CloneImageInfo(image_info);
+ stream_info->image_info=image_info;
+- stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL);
++ if (stream_info->quantum_info == (QuantumInfo *) NULL)
++ stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL);
+ if (stream_info->quantum_info == (QuantumInfo *) NULL)
+ {
+ read_info=DestroyImageInfo(read_info);
@@ -14,6 +14,7 @@ PV .= "-47"
SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https \
file://CVE-2025-53014.patch \
file://CVE-2025-53015.patch \
+ file://CVE-2025-53019.patch \
"
SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53019 Pick the commit that is marked as a fix at the bottom of the relevant github advisory[1]. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- .../imagemagick/CVE-2025-53019.patch | 26 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 27 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53019.patch