diff mbox series

[meta-oe,kirkstone,6/6] imagemagick: Fix CVE-2026-23876

Message ID 20260318091338.483937-6-nitin.wankhade@partner.bmw.de
State New
Headers show
Series [meta-oe,kirkstone,1/6] imagemagick: Fix CVE-2025-43965 | expand

Commit Message

Nitin Wankhade March 18, 2026, 9:13 a.m. UTC 
Reference: https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8

Signed-off-by: Nitin Wankhade <nitin.wankhade333@gmail.com>
---
 .../imagemagick/files/CVE-2026-23876.patch    | 63 +++++++++++++++++++
 .../imagemagick/imagemagick_7.0.10.bb         |  1 +
 2 files changed, 64 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/files/CVE-2026-23876.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-support/imagemagick/files/CVE-2026-23876.patch b/meta-oe/recipes-support/imagemagick/files/CVE-2026-23876.patch
new file mode 100644
index 0000000000..40d82c9481
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/files/CVE-2026-23876.patch
@@ -0,0 +1,63 @@ 
+From 2fae24192b78fdfdd27d766fd21d90aeac6ea8b8 Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk@lemstra.org>
+Date: Sun, 18 Jan 2026 17:54:12 +0100
+
+Subject: [PATCH] imagemagick: Fix CVE-2026-23876
+CVE: CVE-2026-23876
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8]
+Signed-off-by: Nitin Wankhade <nitin.wankhade333@gmail.com>
+===
+diff --git a/coders/xbm.c b/coders/xbm.c
+index b036d5e..2d6bc9c 100644
+--- a/coders/xbm.c
++++ b/coders/xbm.c
+@@ -200,6 +200,10 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception)
+   short int
+     hex_digits[256];
+ 
++  size_t
++    bytes_per_line,
++    length;
++
+   ssize_t
+     y;
+ 
+@@ -209,8 +213,6 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception)
+   unsigned int
+     bit,
+     byte,
+-    bytes_per_line,
+-    length,
+     padding,
+     version;
+ 
+@@ -340,15 +342,15 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception)
+   if (((image->columns % 16) != 0) && ((image->columns % 16) < 9) &&
+       (version == 10))
+     padding=1;
+-  bytes_per_line=(unsigned int) (image->columns+7)/8+padding;
+-  length=(unsigned int) image->rows;
+-  data=(unsigned char *) AcquireQuantumMemory(length,bytes_per_line*
+-    sizeof(*data));
++  bytes_per_line=(image->columns+7)/8+padding;
++  if (HeapOverflowSanityCheckGetSize(bytes_per_line,image->rows,&length) != MagickFalse)
++    ThrowReaderException(CorruptImageError,"ImproperImageHeader");
++  data=(unsigned char *) AcquireQuantumMemory(length,sizeof(*data));
+   if (data == (unsigned char *) NULL)
+     ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+   p=data;
+   if (version == 10)
+-    for (i=0; i < (ssize_t) (bytes_per_line*image->rows); (i+=2))
++    for (i=0; i < (ssize_t) length; i+=2)
+     {
+       c=XBMInteger(image,hex_digits);
+       if (c < 0)
+@@ -361,7 +363,7 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception)
+         *p++=(unsigned char) (c >> 8);
+     }
+   else
+-    for (i=0; i < (ssize_t) (bytes_per_line*image->rows); i++)
++    for (i=0; i < (ssize_t) length; i++)
+     {
+       c=XBMInteger(image,hex_digits);
+       if (c < 0)
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
index a2e08afc1a..9bc857b715 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
@@ -53,6 +53,7 @@  SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
     file://CVE-2025-68618.patch \
     file://CVE-2026-22770.patch \
     file://CVE-2026-23874.patch \
+    file://CVE-2026-23876.patch \
 "
 
 SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"