[meta-oe,scarthgap,08/15] imagemagick: patch CVE-2025-55005

Message ID	20260108105317.460246-8-skandigraun@gmail.com
State	New
Headers	show Return-Path: <skandigraun@gmail.com> ip: 209.85.128.41, mailfrom: skandigraun@gmail.com) From: Gyorgy Sarvari <skandigraun@gmail.com> To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 08/15] imagemagick: patch CVE-2025-55005 Date: Thu, 8 Jan 2026 11:53:10 +0100 Message-ID: <20260108105317.460246-8-skandigraun@gmail.com> In-Reply-To: <20260108105317.460246-1-skandigraun@gmail.com> References: <20260108105317.460246-1-skandigraun@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-oe,scarthgap,01/15] imagemagick: upgrade 7.1.1-26 -> 7.1.1-47 \| expand [meta-oe,scarthgap,01/15] imagemagick: upgrade 7.1.1-26 -> 7.1.1-47 [meta-oe,scarthgap,02/15] imagemagick: mark CVE-2023-5341 as patched [meta-oe,scarthgap,03/15] imagemagick: patch CVE-2025-53014 [meta-oe,scarthgap,04/15] imagemagick: patch CVE-2025-53015 [meta-oe,scarthgap,05/15] imagemagick: patch CVE-2025-53019 [meta-oe,scarthgap,06/15] imagemagick: patch CVE-2025-53101 [meta-oe,scarthgap,07/15] imagemagick: patch CVE-2025-55004 [meta-oe,scarthgap,08/15] imagemagick: patch CVE-2025-55005 [meta-oe,scarthgap,09/15] imagemagick: patch CVE-2025-55154 [meta-oe,scarthgap,10/15] imagemagick: patch CVE-2025-55160 [meta-oe,scarthgap,11/15] imagemagick: patch CVE-2025-55212 [meta-oe,scarthgap,12/15] imagemagick: patch CVE-2025-57803 [meta-oe,scarthgap,13/15] imagemagick: patch CVE-2025-57807 [meta-oe,scarthgap,14/15] imagemagick: patch CVE-2025-62171 [meta-oe,scarthgap,15/15] imagemagick: patch CVE-2025-65955

Message ID

20260108105317.460246-8-skandigraun@gmail.com

State

New

Headers

From: Gyorgy Sarvari <skandigraun@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][scarthgap][PATCH 08/15] imagemagick: patch CVE-2025-55005
Date: Thu,  8 Jan 2026 11:53:10 +0100
Message-ID: <20260108105317.460246-8-skandigraun@gmail.com>
In-Reply-To: <20260108105317.460246-1-skandigraun@gmail.com>
References: <20260108105317.460246-1-skandigraun@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-oe,scarthgap,01/15] imagemagick: upgrade 7.1.1-26 -> 7.1.1-47 | expand

Commit Message

Gyorgy Sarvari Jan. 8, 2026, 10:53 a.m. UTC

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55005

Pick the patch that mentions the related github advisory[1] in its
commit message.

[1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../imagemagick/CVE-2025-55005.patch          | 34 +++++++++++++++++++
 .../imagemagick/imagemagick_7.1.1.bb          |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55005.patch

diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55005.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55005.patch
new file mode 100644
index 0000000000..727e66f741
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55005.patch
@@ -0,0 +1,34 @@ 
+From 430c29617ce287db24872cb4e7fbb1e03d117d0a Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Thu, 7 Aug 2025 22:05:10 -0400
+Subject: [PATCH] 
+ https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp
+
+CVE: CVE-2025-55005
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ MagickCore/colorspace.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c
+index a87defad8..82400ce46 100644
+--- a/MagickCore/colorspace.c
++++ b/MagickCore/colorspace.c
+@@ -2420,10 +2420,16 @@ static MagickBooleanType TransformsRGBImage(Image *image,
+       value=GetImageProperty(image,"reference-black",exception);
+       if (value != (const char *) NULL)
+         reference_black=StringToDouble(value,(char **) NULL);
++      if (reference_black > 1024.0)
++        reference_black=1024.0;
+       reference_white=ReferenceWhite;
+       value=GetImageProperty(image,"reference-white",exception);
+       if (value != (const char *) NULL)
+         reference_white=StringToDouble(value,(char **) NULL);
++      if (reference_white > 1024.0)
++        reference_white=1024.0;
++      if (reference_black > reference_white)
++        reference_black=reference_white;
+       logmap=(Quantum *) AcquireQuantumMemory((size_t) MaxMap+1UL,
+         sizeof(*logmap));
+       if (logmap == (Quantum *) NULL)
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
index caaf813f6e..baf0230590 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
@@ -17,6 +17,7 @@  SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
            file://CVE-2025-53019.patch \
            file://CVE-2025-53101.patch \
            file://CVE-2025-55004.patch \
+           file://CVE-2025-55005.patch \
            "
 SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"

[meta-oe,scarthgap,08/15] imagemagick: patch CVE-2025-55005

Commit Message

Patch