new file mode 100644
@@ -0,0 +1,25 @@
+From 0948d1ee1eb5c86d257e03c7bcdb738a3bbac549 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Fri, 26 Dec 2025 11:22:12 -0500
+Subject: [PATCH]
+ https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7rvh-xqp3-pr8j
+
+CVE: CVE-2025-68950
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/204718c2211903949dcfc0df8e65ed066b008dec]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ MagickCore/draw.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/MagickCore/draw.c b/MagickCore/draw.c
+index db555f654..7fe9675f5 100644
+--- a/MagickCore/draw.c
++++ b/MagickCore/draw.c
+@@ -5697,6 +5697,7 @@ MagickExport MagickBooleanType DrawPrimitive(Image *image,
+ if ((LocaleCompare(clone_info->magick,"ftp") != 0) &&
+ (LocaleCompare(clone_info->magick,"http") != 0) &&
+ (LocaleCompare(clone_info->magick,"https") != 0) &&
++ (LocaleCompare(clone_info->magick,"mvg") != 0) &&
+ (LocaleCompare(clone_info->magick,"vid") != 0))
+ composite_images=ReadImage(clone_info,exception);
+ else
@@ -27,6 +27,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
file://CVE-2025-65955.patch \
file://CVE-2025-66628.patch \
file://CVE-2025-68618.patch \
+ file://CVE-2025-68950.patch \
"
SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68950 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- .../imagemagick/CVE-2025-68950.patch | 25 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 26 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-68950.patch