diff mbox series

[meta-oe,kirkstone,4/6] imagemagick: Fix CVE-2026-22770

Message ID 20260318091338.483937-4-nitin.wankhade@partner.bmw.de
State New
Headers show
Series [meta-oe,kirkstone,1/6] imagemagick: Fix CVE-2025-43965 | expand

Commit Message

Nitin Wankhade March 18, 2026, 9:13 a.m. UTC 
Reference: https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e

Signed-off-by: Nitin Wankhade <nitin.wankhade333@gmail.com>
---
 .../imagemagick/files/CVE-2026-22770.patch    | 37 +++++++++++++++++++
 .../imagemagick/imagemagick_7.0.10.bb         |  1 +
 2 files changed, 38 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/files/CVE-2026-22770.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-support/imagemagick/files/CVE-2026-22770.patch b/meta-oe/recipes-support/imagemagick/files/CVE-2026-22770.patch
new file mode 100644
index 0000000000..f370d3eec5
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/files/CVE-2026-22770.patch
@@ -0,0 +1,37 @@ 
+From 3e0330721020e0c5bb52e4b77c347527dd71658e Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk@lemstra.org>
+Date: Sun, 4 Jan 2026 15:26:48 +0100y
+
+Subject: [PATCH] imagemagick: Fix CVE-2026-22770
+CVE: CVE-2026-22770
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e]
+Signed-off-by: Nitin Wankhade <nitin.wankhade333@gmail.com>
+===
+diff --git a/MagickCore/effect.c b/MagickCore/effect.c
+index bfb1363..3a44240 100644
+--- a/MagickCore/effect.c
++++ b/MagickCore/effect.c
+@@ -880,16 +880,21 @@ static double **AcquireBilateralThreadSet(const size_t number_threads,
+   double
+     **weights;
+ 
++  size_t
++    count;
++
+   ssize_t
+     i;
+ 
++  if (HeapOverflowSanityCheckGetSize(height,sizeof(**weights),&count) != MagickFalse)
++    return((double **) NULL);
+   weights=(double **) AcquireQuantumMemory(number_threads+1,sizeof(*weights));
+   if (weights == (double **) NULL)
+     return((double **) NULL);
+-  (void) memset(weights,0,number_threads*sizeof(*weights));
++  (void) memset(weights,0,(number_threads+1)*sizeof(*weights));
+   for (i=0; i <= (ssize_t) number_threads; i++)
+   {
+-    weights[i]=(double *) AcquireQuantumMemory(width,height*sizeof(**weights));
++    weights[i]=(double *) AcquireQuantumMemory(width,count);
+     if (weights[i] == (double *) NULL)
+       return(DestroyBilateralThreadSet(number_threads,weights));
+   }
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
index 1afc8bbe2c..e235b9eb89 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
@@ -51,6 +51,7 @@  SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
     file://CVE-2025-43965.patch \
     file://CVE-2025-66628.patch \
     file://CVE-2025-68618.patch \
+    file://CVE-2026-22770.patch \
 "
 
 SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"