[meta-oe,kirkstone,3/6] imagemagick: Fix CVE-2025-68618

Message ID	20260318091338.483937-3-nitin.wankhade@partner.bmw.de
State	New
Headers	show Return-Path: <nitin.wankhade333@gmail.com> ip: 209.85.210.176, mailfrom: nitin.wankhade333@gmail.com) From: Nitin Wankhade <nitin.wankhade333@gmail.com> To: openembedded-devel@lists.openembedded.org Cc: nitin.wankhade@kpit.com, Nitin Wankhade <nitin.wankhade333@gmail.com> Subject: [meta-oe][kirkstone][PATCH 3/6] imagemagick: Fix CVE-2025-68618 Date: Wed, 18 Mar 2026 14:43:35 +0530 Message-Id: <20260318091338.483937-3-nitin.wankhade@partner.bmw.de> In-Reply-To: <20260318091338.483937-1-nitin.wankhade@partner.bmw.de> References: <20260318091338.483937-1-nitin.wankhade@partner.bmw.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-oe,kirkstone,1/6] imagemagick: Fix CVE-2025-43965 \| expand [meta-oe,kirkstone,1/6] imagemagick: Fix CVE-2025-43965 [meta-oe,kirkstone,2/6] imagemagick: Fix CVE-2025-66628 [meta-oe,kirkstone,3/6] imagemagick: Fix CVE-2025-68618 [meta-oe,kirkstone,4/6] imagemagick: Fix CVE-2026-22770 [meta-oe,kirkstone,5/6] imagemagick: Fix CVE-2026-23874 [meta-oe,kirkstone,6/6] imagemagick: Fix CVE-2026-23876

Message ID

20260318091338.483937-3-nitin.wankhade@partner.bmw.de

State

New

Headers

From: Nitin Wankhade <nitin.wankhade333@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: nitin.wankhade@kpit.com,
	Nitin Wankhade <nitin.wankhade333@gmail.com>
Subject: [meta-oe][kirkstone][PATCH 3/6] imagemagick: Fix CVE-2025-68618
Date: Wed, 18 Mar 2026 14:43:35 +0530
Message-Id: <20260318091338.483937-3-nitin.wankhade@partner.bmw.de>
In-Reply-To: <20260318091338.483937-1-nitin.wankhade@partner.bmw.de>
References: <20260318091338.483937-1-nitin.wankhade@partner.bmw.de>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-oe,kirkstone,1/6] imagemagick: Fix CVE-2025-43965 | expand

Commit Message

Nitin Wankhade March 18, 2026, 9:13 a.m. UTC

Reference: https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb

Signed-off-by: Nitin Wankhade <nitin.wankhade333@gmail.com>
---
 .../imagemagick/files/CVE-2025-68618.patch    | 95 +++++++++++++++++++
 .../imagemagick/imagemagick_7.0.10.bb         |  1 +
 2 files changed, 96 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/files/CVE-2025-68618.patch

diff --git a/meta-oe/recipes-support/imagemagick/files/CVE-2025-68618.patch b/meta-oe/recipes-support/imagemagick/files/CVE-2025-68618.patch
new file mode 100644
index 0000000000..c846b0cc31
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/files/CVE-2025-68618.patch
@@ -0,0 +1,95 @@ 
+From 6f431d445f3ddd609c004a1dde617b0a73e60beb Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Sun, 21 Dec 2025 12:43:08 -0500
+
+Subject: [PATCH] imagemagick: Fix CVE-2025-68618
+CVE: CVE-2025-68618
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb]
+Signed-off-by: Nitin Wankhade <nitin.wankhade333@gmail.com>
+===
+diff --git a/coders/msl.c b/coders/msl.c
+index 68abd7d..0e8f632 100644
+--- a/coders/msl.c
++++ b/coders/msl.c
+@@ -126,6 +126,7 @@ typedef struct _MSLInfo
+ 
+   ssize_t
+     n,
++    depth,
+     number_groups;
+ 
+   ImageInfo
+@@ -660,13 +661,13 @@ static void MSLStartElement(void *context,const xmlChar *tag,
+   RectangleInfo
+     geometry;
+ 
+-  ssize_t
+-    i;
+-
+   size_t
+     height,
+     width;
+ 
++  ssize_t
++    i;
++
+   /*
+     Called when an opening tag has been processed.
+   */
+@@ -674,6 +675,13 @@ static void MSLStartElement(void *context,const xmlChar *tag,
+     "  SAX.startElement(%s",tag);
+   exception=AcquireExceptionInfo();
+   msl_info=(MSLInfo *) context;
++  if (msl_info->depth++ >= MagickMaxRecursionDepth)
++    {
++      (void) ThrowMagickException(msl_info->exception,GetMagickModule(),
++        DrawError,"VectorGraphicsNestedTooDeeply","`%s'",tag);
++      xmlStopParser((xmlParserCtxtPtr) context);
++      return;
++    }
+   n=msl_info->n;
+   keyword=(const char *) NULL;
+   value=(char *) NULL;
+@@ -7430,12 +7438,12 @@ static void MSLStartElement(void *context,const xmlChar *tag,
+ 
+ static void MSLEndElement(void *context,const xmlChar *tag)
+ {
+-  ssize_t
+-    n;
+-
+   MSLInfo
+     *msl_info;
+ 
++  ssize_t
++    n;
++
+   /*
+     Called when the end of an element has been detected.
+   */
+@@ -7525,6 +7533,7 @@ static void MSLEndElement(void *context,const xmlChar *tag)
+   }
+   if (msl_info->content != (char *) NULL)
+     msl_info->content=DestroyString(msl_info->content);
++  msl_info->depth--;
+ }
+ 
+ static void MSLCharacters(void *context,const xmlChar *c,int length)
+diff --git a/coders/svg.c b/coders/svg.c
+index 5caf8af..ab139e2 100644
+--- a/coders/svg.c
++++ b/coders/svg.c
+@@ -1270,7 +1270,13 @@ static void SVGStartElement(void *context,const xmlChar *name,
+   (void) LogMagickEvent(CoderEvent,GetMagickModule(),"  SAX.startElement(%s",
+     name);
+   svg_info=(SVGInfo *) context;
+-  svg_info->n++;
++  if (svg_info->n++ > MagickMaxRecursionDepth)
++    {
++      (void) ThrowMagickException(svg_info->exception,GetMagickModule(),
++        DrawError,"VectorGraphicsNestedTooDeeply","`%s'",name);
++      xmlStopParser((xmlParserCtxtPtr) context);
++      return;
++    }
+   svg_info->scale=(double *) ResizeQuantumMemory(svg_info->scale,
+     svg_info->n+1UL,sizeof(*svg_info->scale));
+   if (svg_info->scale == (double *) NULL)
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
index 7b2d33ccb8..1afc8bbe2c 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
@@ -50,6 +50,7 @@  SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
     file://CVE-2025-62171.patch \
     file://CVE-2025-43965.patch \
     file://CVE-2025-66628.patch \
+    file://CVE-2025-68618.patch \
 "
 
 SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"

[meta-oe,kirkstone,3/6] imagemagick: Fix CVE-2025-68618

Commit Message

Patch