From patchwork Fri Dec 12 14:59:37 2025
X-Patchwork-Submitter: Divyanshu Rathore
X-Patchwork-Id: 76396
From: Divyanshu Rathore
To: openembedded-devel@lists.openembedded.org
CC: Divyanshu.Rathore@bmwtechworks.in
Subject: [meta-oe][kirkstone][PATCH v2 01/11] ImageMagick: Fix CVE-2025-53014
Date: Fri, 12 Dec 2025 20:29:37 +0530
Message-ID: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in>
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122618

Backport the fix for CVE-2025-53014
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03]

Add below patch to fix CVE-2025-53014
0001-ImageMagick-Fix-CVE-2025-53014.patch

Signed-off-by: Divyanshu Rathore
--- .../0001-ImageMagick-Fix-CVE-2025-53014.patch | 32 +++++++++++++++++++ .../imagemagick/imagemagick_7.0.10.bb | 1 + 2 files changed, 33 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/files/0001-ImageMagick-Fix-CVE-2025-53014.patch diff --git a/meta-oe/recipes-support/imagemagick/files/0001-ImageMagick-Fix-CVE-2025-53014.patch b/meta-oe/recipes-support/imagemagick/files/0001-ImageMagick-Fix-CVE-2025-53014.patch new file mode 100644 index 0000000000..3230519cd1 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0001-ImageMagick-Fix-CVE-2025-53014.patch 
@@ -0,0 +1,32 @@ +From a16d86759bd9171fca247c4e764ffeeeb7232d9b Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore +Date: Mon, 29 Sep 2025 13:56:59 +0530 +Subject: [PATCH 01/18] ImageMagick: Fix CVE-2025-53014 + +Correct out of bounds read of a single byte. +CVE: CVE-2025-53014 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03.patch] + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + MagickCore/image.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/MagickCore/image.c b/MagickCore/image.c +index 34804e522..fe2a1cb5f 100644 +--- a/MagickCore/image.c ++++ b/MagickCore/image.c +@@ -1661,7 +1661,7 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + q=(char *) p+1; + if (*q == '%') + { +- p=q+1; ++ p++; + continue; + } + field_width=0; +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index fcbbd6fca2..bdd6dbe955 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb 
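Review bot: The embedded patch describes the `-p=q+1;` / `+p++;` change in InterpretImageFilename only as "Correct out of bounds read of a single byte", which does not say which read goes out of bounds. From the context lines, `q` is `p+1` and `*q == '%'`, so the old assignment left `p` one past the second `%` (possibly on the terminator when the format ends in `%%`), while the new one leaves it on the second `%`. The loop's advance step is outside the context, so a sentence in the patch header saying how `p` is advanced after `continue` would let a reader confirm the fix from the patch alone. The Upstream-Status URL in the patch header also appends `.patch` to the commit URL given in the mail body; use one form in both places.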
@@ -24,6 +24,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2023-34474.patch \ file://CVE-2023-5341.patch \ file://CVE-2022-28463.patch \ + file://0001-ImageMagick-Fix-CVE-2025-53014.patch \ " SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"

From patchwork Fri Dec 12 14:59:38 2025
X-Patchwork-Submitter: Divyanshu Rathore
X-Patchwork-Id: 76401
From: Divyanshu Rathore
To: openembedded-devel@lists.openembedded.org
CC: Divyanshu.Rathore@bmwtechworks.in
Subject: [meta-oe][kirkstone][PATCH v2 02/11] ImageMagick: Fix CVE-2025-53101
Date: Fri, 12 Dec 2025 20:29:38 +0530
Message-ID: <20251212145947.7434-2-Divyanshu.Rathore@bmwtechworks.in>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in>
References: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122622

Backport the fix for CVE-2025-53101
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774]

Add below patch to fix
0002-ImageMagick-Fix-CVE-2025-53101.patch

Signed-off-by: Divyanshu Rathore
--- .../0002-ImageMagick-Fix-CVE-2025-53101.patch | 60 +++++++++++++++++++ .../imagemagick/imagemagick_7.0.10.bb | 1 + 2 files changed, 61 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/files/0002-ImageMagick-Fix-CVE-2025-53101.patch diff --git a/meta-oe/recipes-support/imagemagick/files/0002-ImageMagick-Fix-CVE-2025-53101.patch b/meta-oe/recipes-support/imagemagick/files/0002-ImageMagick-Fix-CVE-2025-53101.patch new file mode 100644 index 0000000000..a00beb78f1 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0002-ImageMagick-Fix-CVE-2025-53101.patch 
@@ -0,0 +1,60 @@ +From 3c6a0eea436afbf5de708b6dda7e9dc7e5189399 Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore +Date: Wed, 5 Nov 2025 12:54:53 +0530 +Subject: [PATCH 02/18] ImageMagick: Fix CVE-2025-53101 + +CVE: CVE-2025-53101 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774] +Reference: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9 + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + MagickCore/image.c | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/MagickCore/image.c b/MagickCore/image.c +index fe2a1cb5f..346285165 100644 +--- a/MagickCore/image.c ++++ b/MagickCore/image.c +@@ -1650,7 +1650,6 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + *p; + + ssize_t +- field_width, + offset; + + canonical=MagickFalse; +@@ -1664,21 +1663,23 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + p++; + continue; + } +- field_width=0; +- if (*q == '0') +- field_width=(ssize_t) strtol(q,&q,10); + switch (*q) + { + case 'd': + case 'o': + case 'x': + { ++ ssize_t ++ count; ++ + q++; + c=(*q); + *q='\0'; +- (void) FormatLocaleString(filename+(p-format-offset),(size_t) ++ count=FormatLocaleString(filename+(p-format-offset),(size_t) + (MagickPathExtent-(p-format-offset)),p,value); +- offset+=(4-field_width); ++ if ((count <= 0) || (count > (MagickPathExtent-(p-format-offset)))) ++ return(0); ++ offset+=(ssize_t) ((q-p)-count); + *q=c; + (void) ConcatenateMagickString(filename,q,MagickPathExtent); + canonical=MagickTrue; +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index bdd6dbe955..ade10e1723 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb 
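Review bot: In the `case 'x':` block the new `return(0)` sits between `*q='\0';` and `*q=c;`, so on the error path the byte saved in `c` is never written back and the string that `q` points into is left truncated at that position. Write `*q=c;` before returning. The size passed to FormatLocaleString, `MagickPathExtent-(p-format-offset)`, is cast to `size_t` before anything checks that it is positive, so a range check on `p-format-offset` would be better placed ahead of the call as well. If FormatLocaleString returns the untruncated length the way snprintf does, `count` equal to that size already means truncation, and the comparison should be `>=` rather than `>`.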
@@ -25,6 +25,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2023-5341.patch \ file://CVE-2022-28463.patch \ file://0001-ImageMagick-Fix-CVE-2025-53014.patch \ + file://0002-ImageMagick-Fix-CVE-2025-53101.patch \ " SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"

From patchwork Fri Dec 12 14:59:39 2025
X-Patchwork-Submitter: Divyanshu Rathore
X-Patchwork-Id: 76395
From: Divyanshu Rathore
To: openembedded-devel@lists.openembedded.org
CC: Divyanshu.Rathore@bmwtechworks.in
Subject: [meta-oe][kirkstone][PATCH v2 03/11] ImageMagick: Fix CVE-2025-55160
Date: Fri, 12 Dec 2025 20:29:39 +0530
Message-ID: <20251212145947.7434-3-Divyanshu.Rathore@bmwtechworks.in>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in>
References: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122617

Backport the fix for CVE-2025-55160
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/63d8769dd6a8f32f4096c71be9e08a2c081e47da]

Add below patch to fix
0003-ImageMagick-Fix-CVE-2025-55160.patch

Signed-off-by: Divyanshu Rathore
--- .../0003-ImageMagick-Fix-CVE-2025-55160.patch | 165 ++++++++++++++++++ .../imagemagick/imagemagick_7.0.10.bb | 1 + 2 files changed, 166 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/files/0003-ImageMagick-Fix-CVE-2025-55160.patch diff --git a/meta-oe/recipes-support/imagemagick/files/0003-ImageMagick-Fix-CVE-2025-55160.patch b/meta-oe/recipes-support/imagemagick/files/0003-ImageMagick-Fix-CVE-2025-55160.patch new file mode 100644 index 0000000000..567eea53af --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0003-ImageMagick-Fix-CVE-2025-55160.patch 
@@ -0,0 +1,165 @@ +From 6089533c7044416b9ca491d550cfd1c971d39c76 Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore +Date: Fri, 3 Oct 2025 20:36:28 +0530 +Subject: [PATCH 03/18] ImageMagick: Fix CVE-2025-55160 + +CVE: CVE-2025-55160 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/63d8769dd6a8f32f4096c71be9e08a2c081e47da] +Reference: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + MagickCore/artifact.c | 17 ++++++++++++++++- + MagickCore/option.c | 17 ++++++++++++++++- + MagickCore/profile.c | 19 ++++++++++++++++++- + MagickCore/property.c | 18 ++++++++++++++++-- + 4 files changed, 66 insertions(+), 5 deletions(-) + +diff --git a/MagickCore/artifact.c b/MagickCore/artifact.c +index 0c376ed98..a27ebb8ec 100644 +--- a/MagickCore/artifact.c ++++ b/MagickCore/artifact.c +@@ -99,6 +99,21 @@ + % o clone_image: the source image for artifacts to clone. 
+ % + */ ++ ++typedef char ++ *(*CloneKeyFunc)(const char *), ++ *(*CloneValueFunc)(const char *); ++ ++static inline void *CloneArtifactKey(void *key) ++{ ++ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key)); ++} ++ ++static inline void *CloneArtifactValue(void *value) ++{ ++ return((void *) ((CloneValueFunc) ConstantString)((const char *) value)); ++} ++ + MagickExport MagickBooleanType CloneImageArtifacts(Image *image, + const Image *clone_image) + { +@@ -116,7 +131,7 @@ MagickExport MagickBooleanType CloneImageArtifacts(Image *image, + if (image->artifacts != (void *) NULL) + DestroyImageArtifacts(image); + image->artifacts=CloneSplayTree((SplayTreeInfo *) clone_image->artifacts, +- (void *(*)(void *)) ConstantString,(void *(*)(void *)) ConstantString); ++ CloneArtifactKey,CloneArtifactValue); + } + return(MagickTrue); + } +diff --git a/MagickCore/option.c b/MagickCore/option.c +index 99b43ac93..7047cf207 100644 +--- a/MagickCore/option.c ++++ b/MagickCore/option.c +@@ -2187,6 +2187,21 @@ static const OptionInfo + % o clone_info: the source image info for options to clone. 
+ % + */ ++ ++typedef char ++ *(*CloneKeyFunc)(const char *), ++ *(*CloneValueFunc)(const char *); ++ ++static inline void *CloneOptionKey(void *key) ++{ ++ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key)); ++} ++ ++static inline void *CloneOptionValue(void *value) ++{ ++ return((void *) ((CloneValueFunc) ConstantString)((const char *) value)); ++} ++ + MagickExport MagickBooleanType CloneImageOptions(ImageInfo *image_info, + const ImageInfo *clone_info) + { +@@ -2202,7 +2217,7 @@ MagickExport MagickBooleanType CloneImageOptions(ImageInfo *image_info, + if (image_info->options != (void *) NULL) + DestroyImageOptions(image_info); + image_info->options=CloneSplayTree((SplayTreeInfo *) clone_info->options, +- (void *(*)(void *)) ConstantString,(void *(*)(void *)) ConstantString); ++ CloneOptionKey,CloneOptionValue); + } + return(MagickTrue); + } +diff --git a/MagickCore/profile.c b/MagickCore/profile.c +index d8924f7e2..254a11b77 100644 +--- a/MagickCore/profile.c ++++ b/MagickCore/profile.c +@@ -149,6 +149,23 @@ typedef struct _CMSExceptionInfo + % o clone_image: the clone image. 
+ % + */ ++ ++typedef char ++ *(*CloneKeyFunc)(const char *); ++ ++typedef StringInfo ++ *(*CloneValueFunc)(const StringInfo *); ++ ++static inline void *CloneProfileKey(void *key) ++{ ++ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key)); ++} ++ ++static inline void *CloneProfileValue(void *value) ++{ ++ return((void *) ((CloneValueFunc) CloneStringInfo)((const StringInfo *) value)); ++} ++ + MagickExport MagickBooleanType CloneImageProfiles(Image *image, + const Image *clone_image) + { +@@ -163,7 +180,7 @@ MagickExport MagickBooleanType CloneImageProfiles(Image *image, + if (image->profiles != (void *) NULL) + DestroyImageProfiles(image); + image->profiles=CloneSplayTree((SplayTreeInfo *) clone_image->profiles, +- (void *(*)(void *)) ConstantString,(void *(*)(void *)) CloneStringInfo); ++ CloneProfileKey,CloneProfileValue); + } + return(MagickTrue); + } +diff --git a/MagickCore/property.c b/MagickCore/property.c +index 9626d079e..1b42adaee 100644 +--- a/MagickCore/property.c ++++ b/MagickCore/property.c +@@ -131,6 +131,21 @@ + % o clone_image: the clone image. 
+ % + */ ++ ++typedef char ++ *(*CloneKeyFunc)(const char *), ++ *(*CloneValueFunc)(const char *); ++ ++static inline void *ClonePropertyKey(void *key) ++{ ++ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key)); ++} ++ ++static inline void *ClonePropertyValue(void *value) ++{ ++ return((void *) ((CloneValueFunc) ConstantString)((const char *) value)); ++} ++ + MagickExport MagickBooleanType CloneImageProperties(Image *image, + const Image *clone_image) + { +@@ -194,8 +209,7 @@ MagickExport MagickBooleanType CloneImageProperties(Image *image, + if (image->properties != (void *) NULL) + DestroyImageProperties(image); + image->properties=CloneSplayTree((SplayTreeInfo *) +- clone_image->properties,(void *(*)(void *)) ConstantString, +- (void *(*)(void *)) ConstantString); ++ clone_image->properties,ClonePropertyKey,ClonePropertyValue); + } + return(MagickTrue); + } +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index ade10e1723..9b6ab5c7f4 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb 
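Review bot: Each new wrapper still casts the callee's function pointer, for example `((CloneKeyFunc) ConstantString)((const char *) key)` in CloneArtifactKey, and that cast keeps the compiler from checking ConstantString and CloneStringInfo against the call. If those functions already have the types the typedefs name, call them directly, as in `return((void *) ConstantString((const char *) key));`, so a signature mismatch becomes a compile error instead of being hidden. The `CloneKeyFunc`/`CloneValueFunc` typedefs are also repeated in artifact.c, option.c, profile.c and property.c, with `CloneValueFunc` naming a different type in profile.c, and the patch header gives no description of the defect beyond the CVE id and the advisory link.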
@@ -26,6 +26,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2022-28463.patch \ file://0001-ImageMagick-Fix-CVE-2025-53014.patch \ file://0002-ImageMagick-Fix-CVE-2025-53101.patch \ + file://0003-ImageMagick-Fix-CVE-2025-55160.patch \ " SRCREV = "35b4991eb0939a327f3489988c366e21068b0178" From patchwork Fri Dec 12 14:59:40 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Divyanshu Rathore X-Patchwork-Id: 76400 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E8D7DD59F45 for ; Fri, 12 Dec 2025 21:03:43 +0000 (UTC) Received: from PNZPR01CU001.outbound.protection.outlook.com (PNZPR01CU001.outbound.protection.outlook.com [40.107.51.3]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.14831.1765552520493868176 for ; Fri, 12 Dec 2025 07:15:21 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@bmwtechworks.in header.s=selector1 header.b=G0fIA3Gk; spf=pass (domain: bmwtechworks.in, ip: 40.107.51.3, mailfrom: divyanshu.rathore@bmwtechworks.in) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=qYCwuMi1o9bjSQGd8vpl13nrdpqJ0I0UmtSPfwk0+Nvpmf28nJKfCNt+KfM51NXRbJ/PYg8FyrKrqG+ALd1hase/W0duKkhAtyBCCrDknF32t0/CAsMKs23EFAkVGB+r9avSVvySc6baoyuzsMaXN5KifpxOQB0fvV+6FGL4kplkNJryirG3CSeij6MxJQGMx513R2A6NGejv1h5zra2tXW/2xejn3hVYEBekrU6rpXrxxdSSA5/rDt1lkuSSYWJuS3ZVD3YlWOdipg3ZSaW3VxkXAkaHwR/JHM7TUm1ijmGFtEEwpCDAJbG4+E9q94pSYxL/nCEdS5e7azd8Owz+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; 
From: Divyanshu Rathore To: openembedded-devel@lists.openembedded.org CC: Divyanshu.Rathore@bmwtechworks.in Subject: [meta-oe][kirkstone][PATCH v2 04/11] ImageMagick: Fix CVE-2025-55005 Date: Fri, 12 Dec 2025 20:29:40 +0530 Message-ID: <20251212145947.7434-4-Divyanshu.Rathore@bmwtechworks.in> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in> References: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122621
Backport the fix for CVE-2025-55005 Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57] Add below patch to fix 0004-ImageMagick-Fix-CVE-2025-55005.patch Signed-off-by: Divyanshu Rathore --- .../0004-ImageMagick-Fix-CVE-2025-55005.patch | 40 +++++++++++++++++++ .../imagemagick/imagemagick_7.0.10.bb | 1 + 2 files changed, 41 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/files/0004-ImageMagick-Fix-CVE-2025-55005.patch diff --git a/meta-oe/recipes-support/imagemagick/files/0004-ImageMagick-Fix-CVE-2025-55005.patch b/meta-oe/recipes-support/imagemagick/files/0004-ImageMagick-Fix-CVE-2025-55005.patch new file mode 100644 index 0000000000..ed33093022 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0004-ImageMagick-Fix-CVE-2025-55005.patch 
@@ -0,0 +1,40 @@ +From d16c2ff3b34a4785f089e956d2adfc5108fd63a8 Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore +Date: Fri, 3 Oct 2025 17:40:59 +0530 +Subject: [PATCH 04/18] ImageMagick: Fix CVE-2025-55005 + +CVE: CVE-2025-55005 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57] +Reference: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + MagickCore/colorspace.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c +index 2ffc72f88..0aeba03f8 100644 +--- a/MagickCore/colorspace.c ++++ b/MagickCore/colorspace.c +@@ -2493,10 +2493,16 @@ static MagickBooleanType TransformsRGBImage(Image *image, + value=GetImageProperty(image,"reference-black",exception); + if (value != (const char *) NULL) + reference_black=StringToDouble(value,(char **) NULL); ++ if (reference_black > 1024.0) ++ reference_black=1024.0; + reference_white=ReferenceWhite; + value=GetImageProperty(image,"reference-white",exception); + if (value != (const char *) NULL) + reference_white=StringToDouble(value,(char **) NULL); ++ if (reference_white > 1024.0) ++ reference_white=1024.0; ++ if (reference_black > reference_white) ++ reference_black=reference_white; + logmap=(Quantum *) AcquireQuantumMemory((size_t) MaxMap+1UL, + sizeof(*logmap)); + if (logmap == (Quantum *) NULL) +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index 9b6ab5c7f4..0256aa9164 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb 
@@ -27,6 +27,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://0001-ImageMagick-Fix-CVE-2025-53014.patch \ file://0002-ImageMagick-Fix-CVE-2025-53101.patch \ file://0003-ImageMagick-Fix-CVE-2025-55160.patch \ + file://0004-ImageMagick-Fix-CVE-2025-55005.patch \ " SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"
From patchwork Fri Dec 12 14:59:41 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Divyanshu Rathore X-Patchwork-Id: 76399
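Review bot: In the TransformsRGBImage hunk of 0004-ImageMagick-Fix-CVE-2025-55005.patch, the new checks bound reference_black and reference_white only from above (> 1024.0), so a negative value taken from the "reference-black" or "reference-white" property, or a NaN if StringToDouble can return one, passes through unchanged to the code after this hunk, and a NaN would also fail the final reference_black > reference_white comparison. Consider adding a lower bound and a finiteness check next to the upper one, and give the 1024.0 limit a named constant or a short comment so both uses stay in step and the reason for the value is recorded.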
From: Divyanshu Rathore To: openembedded-devel@lists.openembedded.org CC: Divyanshu.Rathore@bmwtechworks.in Subject: [meta-oe][kirkstone][PATCH v2 05/11] ImageMagick: Fix CVE-2025-53019 Date: Fri, 12 Dec 2025 20:29:41 +0530 Message-ID: <20251212145947.7434-5-Divyanshu.Rathore@bmwtechworks.in> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in> References: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122623
Backport the fix for CVE-2025-53019 Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c] Add below patch to fix CVE-2025-53019 0005-ImageMagick-Fix-CVE-2025-53019.patch Signed-off-by: Divyanshu Rathore --- .../0005-ImageMagick-Fix-CVE-2025-53019.patch | 33 +++++++++++++++++++ .../imagemagick/imagemagick_7.0.10.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/files/0005-ImageMagick-Fix-CVE-2025-53019.patch diff --git a/meta-oe/recipes-support/imagemagick/files/0005-ImageMagick-Fix-CVE-2025-53019.patch b/meta-oe/recipes-support/imagemagick/files/0005-ImageMagick-Fix-CVE-2025-53019.patch new file mode 100644 index 0000000000..c5bc15386a --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0005-ImageMagick-Fix-CVE-2025-53019.patch 
@@ -0,0 +1,33 @@ +From c0367e544456895e77661481b76a55ac30d52420 Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore +Date: Mon, 29 Sep 2025 15:38:57 +0530 +Subject: [PATCH 05/18] ImageMagick: Fix CVE-2025-53019 + +Fixed memory leak when entering StreamImage multiple times. +CVE: CVE-2025-53019 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c.patch] + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + MagickCore/stream.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/MagickCore/stream.c b/MagickCore/stream.c +index 28fa0f25b..bfa29f25e 100644 +--- a/MagickCore/stream.c ++++ b/MagickCore/stream.c +@@ -1350,7 +1350,8 @@ MagickExport Image *StreamImage(const ImageInfo *image_info, + assert(exception != (ExceptionInfo *) NULL); + read_info=CloneImageInfo(image_info); + stream_info->image_info=image_info; +- stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL); ++ if (stream_info->quantum_info == (QuantumInfo *) NULL) ++ stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL); + if (stream_info->quantum_info == (QuantumInfo *) NULL) + { + read_info=DestroyImageInfo(read_info); +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index 0256aa9164..c40aef1b46 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb 
@@ -28,6 +28,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://0002-ImageMagick-Fix-CVE-2025-53101.patch \ file://0003-ImageMagick-Fix-CVE-2025-55160.patch \ file://0004-ImageMagick-Fix-CVE-2025-55005.patch \ + file://0005-ImageMagick-Fix-CVE-2025-53019.patch \ " SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"
From patchwork Fri Dec 12 14:59:42 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Divyanshu Rathore X-Patchwork-Id: 76397
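Review bot: In the StreamImage hunk of 0005-ImageMagick-Fix-CVE-2025-53019.patch, the new NULL guard means a re-entered call keeps the QuantumInfo that was acquired for the earlier image_info, while the line just above still overwrites stream_info->image_info with the new one, so the two can disagree after the second call. Either document that a StreamInfo is only reused with equivalent ImageInfo settings, or destroy and reacquire quantum_info when it is already set. The Upstream-Status URL inside the embedded patch header also ends in .patch while the cover text of this mail cites the plain commit URL; use one form in both places.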
From: Divyanshu Rathore To: openembedded-devel@lists.openembedded.org CC: Divyanshu.Rathore@bmwtechworks.in Subject: [meta-oe][kirkstone][PATCH v2 06/11] ImageMagick: Fix CVE-2025-55004 Date: Fri, 12 Dec 2025 20:29:42 +0530 Message-ID: <20251212145947.7434-6-Divyanshu.Rathore@bmwtechworks.in> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in> References: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122620
Backport the fix for CVE-2025-55004 Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/55d97055e00a7bc7ae2776c99824002fbb4a72aa] Add below patch to fix 0006-ImageMagick-Fix-CVE-2025-55004.patch Signed-off-by: Divyanshu Rathore --- .../0006-ImageMagick-Fix-CVE-2025-55004.patch | 67 +++++++++++++++++++ .../imagemagick/imagemagick_7.0.10.bb | 1 + 2 files changed, 68 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/files/0006-ImageMagick-Fix-CVE-2025-55004.patch diff --git a/meta-oe/recipes-support/imagemagick/files/0006-ImageMagick-Fix-CVE-2025-55004.patch b/meta-oe/recipes-support/imagemagick/files/0006-ImageMagick-Fix-CVE-2025-55004.patch new file mode 100644 index 0000000000..59805b6a69 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0006-ImageMagick-Fix-CVE-2025-55004.patch 
@@ -0,0 +1,67 @@ +From 13089a79a67ed0f1408fdee09f89e6e2497f10c6 Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore +Date: Tue, 28 Oct 2025 13:55:50 +0530 +Subject: [PATCH 06/18] ImageMagick: Fix CVE-2025-55004 + +CVE: CVE-2025-55004 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/55d97055e00a7bc7ae2776c99824002fbb4a72aa] +Reference: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + coders/png.c | 29 ++++++++++------------------- + 1 file changed, 10 insertions(+), 19 deletions(-) + +diff --git a/coders/png.c b/coders/png.c +index dbab45e60..343934ce8 100644 +--- a/coders/png.c ++++ b/coders/png.c +@@ -5113,33 +5113,24 @@ static Image *ReadOneJNGImage(MngInfo *m + jng_image=ReadImage(alpha_image_info,exception); + + if (jng_image != (Image *) NULL) +- for (y=0; y < (ssize_t) image->rows; y++) + { +- s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception); +- q=GetAuthenticPixels(image,0,y,image->columns,1,exception); +- if ((s == (const Quantum *) NULL) || (q == (Quantum *) NULL)) +- break; ++ image->alpha_trait=BlendPixelTrait; ++ for (y=0; y < (ssize_t) image->rows; y++) ++ { ++ s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception); ++ q=GetAuthenticPixels(image,0,y,image->columns,1,exception); ++ if ((s == (const Quantum *) NULL) || (q == (Quantum *) NULL)) ++ break; + +- if (image->alpha_trait != UndefinedPixelTrait) + for (x=(ssize_t) image->columns; x != 0; x--) + { + SetPixelAlpha(image,GetPixelRed(jng_image,s),q); + q+=GetPixelChannels(image); + s+=GetPixelChannels(jng_image); + } +- +- else +- for (x=(ssize_t) image->columns; x != 0; x--) +- { +- SetPixelAlpha(image,GetPixelRed(jng_image,s),q); +- if (GetPixelAlpha(image,q) != OpaqueAlpha) +- image->alpha_trait=BlendPixelTrait; +- q+=GetPixelChannels(image); +- s+=GetPixelChannels(jng_image); +- } +- +- if 
(SyncAuthenticPixels(image,exception) == MagickFalse) +- break; ++ if (SyncAuthenticPixels(image,exception) == MagickFalse) ++ break; ++ } + } + (void) RelinquishUniqueFileResource(alpha_image->filename); + alpha_image=DestroyImageList(alpha_image); +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index c40aef1b46..c209faa29c 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb 
@@ -29,6 +29,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://0003-ImageMagick-Fix-CVE-2025-55160.patch \ file://0004-ImageMagick-Fix-CVE-2025-55005.patch \ file://0005-ImageMagick-Fix-CVE-2025-53019.patch \ + file://0006-ImageMagick-Fix-CVE-2025-55004.patch \ " SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"
From patchwork Fri Dec 12 14:59:43 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Divyanshu Rathore X-Patchwork-Id: 76403
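Review bot: In the ReadOneJNGImage hunk of 0006-ImageMagick-Fix-CVE-2025-55004.patch, image->alpha_trait=BlendPixelTrait is now set unconditionally once jng_image is non-NULL, where the removed else branch set it only after finding a pixel whose alpha was not OpaqueAlpha, so a JNG whose alpha stream is fully opaque now ends up with a blend alpha trait. If that behaviour change is an intended part of the fix, state it in the patch description, which currently carries only the CVE, upstream commit and advisory references. The row loop also requests image->columns samples per row from jng_image with no visible check that jng_image has the same dimensions as image; confirm that is validated before this point.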
From: Divyanshu Rathore
To: openembedded-devel@lists.openembedded.org
CC: Divyanshu.Rathore@bmwtechworks.in
Subject: [meta-oe][kirkstone][PATCH v2 07/11] ImageMagick: Fix CVE-2025-57803
Date: Fri, 12 Dec 2025 20:29:43 +0530
Message-ID: <20251212145947.7434-7-Divyanshu.Rathore@bmwtechworks.in>
In-Reply-To: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in>
References: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122626

Backport the fix for CVE-2025-57803

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/61f444e5457e4e506c73f18460133c80c235ebb6]

Add below patch to fix
0007-ImageMagick-Fix-CVE-2025-57803.patch

Add below support patch to fix
0007-ImageMagick-Add-support-patch-to-fix-CVE-2025-57803.patch

Signed-off-by: Divyanshu Rathore
--- ...-support-patch-to-fix-CVE-2025-57803.patch | 58 +++++++++++++++++ .../0007-ImageMagick-Fix-CVE-2025-57803.patch | 65 +++++++++++++++++++ .../imagemagick/imagemagick_7.0.10.bb | 2 + 3 files changed, 125 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/files/0007-ImageMagick-Add-support-patch-to-fix-CVE-2025-57803.patch create mode 100644 meta-oe/recipes-support/imagemagick/files/0007-ImageMagick-Fix-CVE-2025-57803.patch diff --git a/meta-oe/recipes-support/imagemagick/files/0007-ImageMagick-Add-support-patch-to-fix-CVE-2025-57803.patch b/meta-oe/recipes-support/imagemagick/files/0007-ImageMagick-Add-support-patch-to-fix-CVE-2025-57803.patch new file mode 100644 index 0000000000..ef570a496a --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0007-ImageMagick-Add-support-patch-to-fix-CVE-2025-57803.patch
@@ -0,0 +1,58 @@ +From 558a3a71c2b107483d8e88cd2d20242358b6633d Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore +Date: Fri, 5 Dec 2025 13:43:17 +0530 +Subject: [PATCH 1/1] ImageMagick: Add support patch to fix CVE-2025-57803 + +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/61f444e5457e4e506c73f18460133c80c235ebb6] + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + coders/bmp.c | 17 ++++++----------- + 1 file changed, 6 insertions(+), 11 deletions(-) + +diff --git a/coders/bmp.c b/coders/bmp.c +index a46448a95..703ad0483 100644 +--- a/coders/bmp.c ++++ b/coders/bmp.c +@@ -968,18 +968,18 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + if (bmp_info.compression == BI_RLE4) + bmp_info.bits_per_pixel<<=1; +- bytes_per_line=4*((image->columns*bmp_info.bits_per_pixel+31)/32); ++ bytes_per_line=image->columns*(4*(bmp_info.bits_per_pixel+31)/32); + length=(size_t) bytes_per_line*image->rows; + if ((MagickSizeType) (length/256) > blob_size) + ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile"); ++ pixel_info=AcquireVirtualMemory(image->rows, ++ MagickMax(bytes_per_line,image->columns+256UL)*sizeof(*pixels)); ++ if (pixel_info == (MemoryInfo *) NULL) ++ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); ++ pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); + if ((bmp_info.compression == BI_RGB) || + (bmp_info.compression == BI_BITFIELDS)) + { +- pixel_info=AcquireVirtualMemory(image->rows, +- MagickMax(bytes_per_line,image->columns+256UL)*sizeof(*pixels)); +- if (pixel_info == (MemoryInfo *) NULL) +- ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); +- pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); + if (image->debug != MagickFalse) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), + " Reading pixels (%.20g bytes)",(double) 
length); +@@ -996,11 +996,6 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception) + /* + Convert run-length encoded raster pixels. + */ +- pixel_info=AcquireVirtualMemory(image->rows, +- MagickMax(bytes_per_line,image->columns+256UL)*sizeof(*pixels)); +- if (pixel_info == (MemoryInfo *) NULL) +- ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); +- pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); + status=DecodeImage(image,bmp_info.compression,pixels, + image->columns*image->rows); + if (status == MagickFalse) +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/files/0007-ImageMagick-Fix-CVE-2025-57803.patch b/meta-oe/recipes-support/imagemagick/files/0007-ImageMagick-Fix-CVE-2025-57803.patch new file mode 100644 index 0000000000..9a26aa6892 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0007-ImageMagick-Fix-CVE-2025-57803.patch 
@@ -0,0 +1,65 @@ +From 9624a36f5c77d81cfdce20d0978850fa0db1543c Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore +Date: Thu, 23 Oct 2025 23:41:32 +0530 +Subject: [PATCH 07/18] ImageMagick: Fix CVE-2025-57803 + +CVE: CVE-2025-57803 + +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/2c55221f4d38193adcb51056c14cf238fbcc35d7.patch] + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + coders/bmp.c | 31 +++++++++++++++++++------------ + 1 file changed, 19 insertions(+), 12 deletions(-) + +diff --git a/coders/bmp.c b/coders/bmp.c +index a46448a95..beff10bb5 100644 +--- a/coders/bmp.c ++++ b/coders/bmp.c +@@ -506,6 +506,10 @@ static MagickBooleanType IsBMP(const unsigned char *magick,const size_t length) + % o exception: return any errors or warnings in this structure. + % + */ ++static inline MagickBooleanType BMPOverflowCheck(size_t x,size_t y) ++{ ++ return((y != 0) && (x > 4294967295UL/y) ? MagickTrue : MagickFalse); ++} + + static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception) + { +@@ -546,6 +550,7 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception) + size_t + bit, + bytes_per_line, ++ extent, + length; + + ssize_t +@@ -968,12 +973,18 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + if (bmp_info.compression == BI_RLE4) + bmp_info.bits_per_pixel<<=1; +- bytes_per_line=image->columns*(4*(bmp_info.bits_per_pixel+31)/32); +- length=(size_t) bytes_per_line*image->rows; ++ extent=image->columns*bmp_info.bits_per_pixel; ++ bytes_per_line=4*((extent+31)/32); ++ if (BMPOverflowCheck(bytes_per_line,image->rows) != MagickFalse) ++ ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile"); ++ length=bytes_per_line*image->rows; + if ((MagickSizeType) (length/256) > blob_size) + 
ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile"); +- pixel_info=AcquireVirtualMemory(image->rows, +- MagickMax(bytes_per_line,image->columns+256UL)*sizeof(*pixels)); ++ extent=MagickMax(bytes_per_line,image->columns+1UL); ++ if ((BMPOverflowCheck(image->rows,extent) != MagickFalse) || ++ (BMPOverflowCheck(extent,sizeof(*pixels)) != MagickFalse)) ++ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); ++ pixel_info=AcquireVirtualMemory(image->rows,extent*sizeof(*pixels)); + if (pixel_info == (MemoryInfo *) NULL) + ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); + pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index c209faa29c..3566932fa2 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb 
@@ -30,6 +30,8 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://0004-ImageMagick-Fix-CVE-2025-55005.patch \ file://0005-ImageMagick-Fix-CVE-2025-53019.patch \ file://0006-ImageMagick-Fix-CVE-2025-55004.patch \ + file://0007-ImageMagick-Add-support-patch-to-fix-CVE-2025-57803.patch \ + file://0007-ImageMagick-Fix-CVE-2025-57803.patch \ " SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"
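
Review bot: In the `@@ -968,12 +973,18 @@` hunk of 0007-ImageMagick-Fix-CVE-2025-57803.patch, `extent=image->columns*bmp_info.bits_per_pixel;` is computed without an overflow check, while the products that follow it all go through BMPOverflowCheck. On a 32-bit kirkstone target size_t is 32 bits, so this first multiplication can wrap before bytes_per_line is derived from it unless image->columns is bounded earlier in ReadBMPImage, which these hunks do not show. Please confirm that bound, or guard the multiplication with BMPOverflowCheck(image->columns,bmp_info.bits_per_pixel) as well.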
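
Review bot: The header of 0007-ImageMagick-Fix-CVE-2025-57803.patch does not match its body: the diffstat says `19 insertions(+), 12 deletions(-)`, but the three hunks add 15 lines and remove 4, and `index a46448a95..beff10bb5` names the same base blob as the support patch even though the `-` lines in the third hunk only exist once the support patch is applied. That points to hunks being edited or dropped by hand after the patch was generated. Please regenerate it on top of the support patch and say in the Comment line which upstream hunks, if any, were left out, so a reader can tell whether the backport is complete.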
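
Review bot: The support patch is not safe to carry on its own: its first hunk replaces `4*((image->columns*bmp_info.bits_per_pixel+31)/32)` with `image->columns*(4*(bmp_info.bits_per_pixel+31)/32)`, which yields a different row stride, and the line is only put back into the `4*((extent+31)/32)` form by the fix patch. Consider squashing the two files, or at least note in the support patch header that it must never be applied without 0007-ImageMagick-Fix-CVE-2025-57803.patch. The cover commit message also lists only commit 61f444e5457e4e506c73f18460133c80c235ebb6 under Upstream-Status while the fix patch cites 2c55221f4d38193adcb51056c14cf238fbcc35d7; listing both there would make the provenance easier to check.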
From: Divyanshu Rathore
To: openembedded-devel@lists.openembedded.org
CC: Divyanshu.Rathore@bmwtechworks.in
Subject: [meta-oe][kirkstone][PATCH v2 08/11] ImageMagick: Fix CVE-2025-57807
Date: Fri, 12 Dec 2025 20:29:44 +0530
Message-ID: <20251212145947.7434-8-Divyanshu.Rathore@bmwtechworks.in>
In-Reply-To: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in>
References: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122625

Backport the fix for CVE-2025-57807

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e]

Add below patch to fix
0008-ImageMagick-Fix-CVE-2025-57807.patch

Signed-off-by: Divyanshu Rathore
--- .../0008-ImageMagick-Fix-CVE-2025-57807.patch | 51 +++++++++++++++++++ .../imagemagick/imagemagick_7.0.10.bb | 1 + 2 files changed, 52 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/files/0008-ImageMagick-Fix-CVE-2025-57807.patch diff --git a/meta-oe/recipes-support/imagemagick/files/0008-ImageMagick-Fix-CVE-2025-57807.patch b/meta-oe/recipes-support/imagemagick/files/0008-ImageMagick-Fix-CVE-2025-57807.patch new file mode 100644 index 0000000000..a0aab8afc3 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0008-ImageMagick-Fix-CVE-2025-57807.patch
@@ -0,0 +1,51 @@ +From 3d1a6ecbeff10e05d0609125b6feec9ecace7b85 Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore +Date: Fri, 24 Oct 2025 12:37:14 +0530 +Subject: [PATCH 08/18] ImageMagick: Fix CVE-2025-57807 + +CVE: CVE-2025-57807 + +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e] + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + MagickCore/blob.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/MagickCore/blob.c b/MagickCore/blob.c +index 6a15d4808..38af749fe 100644 +--- a/MagickCore/blob.c ++++ b/MagickCore/blob.c +@@ -1598,7 +1598,7 @@ static inline ssize_t WriteBlobStream(Image *image,const size_t length, + extent=(MagickSizeType) (blob_info->offset+(MagickOffsetType) length); + if (extent >= blob_info->extent) + { +- extent=blob_info->extent+blob_info->quantum+length; ++ extent+=blob_info->quantum+length; + blob_info->quantum<<=1; + if (SetBlobExtent(image,extent) == MagickFalse) + return(0); +@@ -5774,12 +5774,15 @@ MagickExport ssize_t WriteBlob(Image *image,const size_t length, + } + case BlobStream: + { +- if ((blob_info->offset+(MagickOffsetType) length) >= +- (MagickOffsetType) blob_info->extent) ++ MagickSizeType ++ extent; ++ ++ extent=(MagickSizeType) (blob_info->offset+(MagickOffsetType) length); ++ if (extent >= blob_info->extent) + { + if (blob_info->mapped != MagickFalse) + return(0); +- blob_info->extent+=length+blob_info->quantum; ++ blob_info->extent=extent+blob_info->quantum+length; + blob_info->quantum<<=1; + blob_info->data=(unsigned char *) ResizeQuantumMemory( + blob_info->data,blob_info->extent+1,sizeof(*blob_info->data)); +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index 3566932fa2..351e1eaf8c 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb 
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb 
@@ -32,6 +32,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://0006-ImageMagick-Fix-CVE-2025-55004.patch \ file://0007-ImageMagick-Add-support-patch-to-fix-CVE-2025-57803.patch \ file://0007-ImageMagick-Fix-CVE-2025-57803.patch \ + file://0008-ImageMagick-Fix-CVE-2025-57807.patch \ " SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"
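
Review bot: In the `@@ -5774,12 +5774,15 @@` hunk of the blob.c patch, `blob_info->extent=extent+blob_info->quantum+length;` stores a MagickSizeType sum into blob_info->extent, whose declared type is not visible in this patch; if that field is narrower than MagickSizeType on 32-bit targets, the value is truncated before ResizeQuantumMemory is called with `blob_info->extent+1`. Please confirm the field type in the kirkstone 7.0.10 tree. Also note that `extent` already includes `length` (it is set from `blob_info->offset+(MagickOffsetType) length`), so both hunks now grow the buffer by the write length twice plus the quantum; a short comment that this headroom is intended would save the next reader the question.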
From: Divyanshu Rathore
To: openembedded-devel@lists.openembedded.org
CC: Divyanshu.Rathore@bmwtechworks.in
Subject: [meta-oe][kirkstone][PATCH v2 09/11] ImageMagick: Fix CVE-2025-55154
Date: Fri, 12 Dec 2025 20:29:45 +0530
Message-ID: <20251212145947.7434-9-Divyanshu.Rathore@bmwtechworks.in>
In-Reply-To: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in>
References: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122616

Backport the fix for CVE-2025-55154

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/db986e4782e9f6cc42a0e50151dc4fe43641b337]

Add below patch to fix
0009-ImageMagick-Fix-CVE-2025-55154.patch

Signed-off-by: Divyanshu Rathore
--- .../0009-ImageMagick-Fix-CVE-2025-55154.patch | 84 +++++++++++++++++++ .../imagemagick/imagemagick_7.0.10.bb | 1 + 2 files changed, 85 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/files/0009-ImageMagick-Fix-CVE-2025-55154.patch diff --git a/meta-oe/recipes-support/imagemagick/files/0009-ImageMagick-Fix-CVE-2025-55154.patch b/meta-oe/recipes-support/imagemagick/files/0009-ImageMagick-Fix-CVE-2025-55154.patch new file mode 100644 index 0000000000..96b8edf50b --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0009-ImageMagick-Fix-CVE-2025-55154.patch
@@ -0,0 +1,84 @@ +From f7f5f0f11631dcbd50c0b9a14e7fd4d794eff744 Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore +Date: Tue, 28 Oct 2025 14:12:27 +0530 +Subject: [PATCH 09/18] ImageMagick: Fix CVE-2025-55154 + +CVE: CVE-2025-55154 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/db986e4782e9f6cc42a0e50151dc4fe43641b337] + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + coders/png.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/coders/png.c b/coders/png.c +index 343934ce8..e730edb03 100644 +--- a/coders/png.c ++++ b/coders/png.c +@@ -6841,19 +6841,19 @@ static Image *ReadOneMNGImage(MngInfo* mng_info, const ImageInfo *image_info, + mng_info->magn_methy = 1; + if (mng_info->magn_methx == 1) + { +- magnified_width=mng_info->magn_ml; ++ magnified_width=(size_t) mng_info->magn_ml; + + if (image->columns > 1) + magnified_width += mng_info->magn_mr; + + if (image->columns > 2) +- magnified_width += (png_uint_32) ++ magnified_width += (size_t) + ((image->columns-2)*(mng_info->magn_mx)); + } + + else + { +- magnified_width=(png_uint_32) image->columns; ++ magnified_width=(size_t) image->columns; + + if (image->columns > 1) + magnified_width += mng_info->magn_ml-1; +@@ -6862,25 +6862,25 @@ static Image *ReadOneMNGImage(MngInfo* mng_info, const ImageInfo *image_info, + magnified_width += mng_info->magn_mr-1; + + if (image->columns > 3) +- magnified_width += (png_uint_32) ++ magnified_width += (size_t) + ((image->columns-3)*(mng_info->magn_mx-1)); + } + + if (mng_info->magn_methy == 1) + { +- magnified_height=mng_info->magn_mt; ++ magnified_height=(size_t) mng_info->magn_mt; + + if (image->rows > 1) + magnified_height += mng_info->magn_mb; + + if (image->rows > 2) +- magnified_height += (png_uint_32) ++ magnified_height += (size_t) + ((image->rows-2)*(mng_info->magn_my)); + } + + else + { +- magnified_height=(png_uint_32) image->rows; ++ 
magnified_height=(size_t) image->rows; + + if (image->rows > 1) + magnified_height += mng_info->magn_mt-1; +@@ -6889,7 +6889,7 @@ static Image *ReadOneMNGImage(MngInfo* mng_info, const ImageInfo *image_info, + magnified_height += mng_info->magn_mb-1; + + if (image->rows > 3) +- magnified_height += (png_uint_32) ++ magnified_height += (size_t) + ((image->rows-3)*(mng_info->magn_my-1)); + } + +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index 351e1eaf8c..751186b361 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb 
@@ -33,6 +33,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://0007-ImageMagick-Add-support-patch-to-fix-CVE-2025-57803.patch \ file://0007-ImageMagick-Fix-CVE-2025-57803.patch \ file://0008-ImageMagick-Fix-CVE-2025-57807.patch \ + file://0009-ImageMagick-Fix-CVE-2025-55154.patch \ " SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"
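
Review bot: The declarations of magnified_width and magnified_height are not part of the coders/png.c hunks, so it is not visible whether the new `(size_t)` casts survive the assignment; if the kirkstone 7.0.10 tree still declares them as png_uint_32, the value is narrowed again and the backport changes nothing. Please confirm the declared type and include the declaration change if upstream relies on one. On 32-bit targets size_t is also 32 bits, so products such as `(image->columns-2)*(mng_info->magn_mx)` and `(image->rows-2)*(mng_info->magn_my)` are computed in the same width as before; the commit message should say whether a later bound on the magnified size covers that case.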
From: Divyanshu Rathore
To: openembedded-devel@lists.openembedded.org
CC: Divyanshu.Rathore@bmwtechworks.in
Subject: [meta-oe][kirkstone][PATCH v2 10/11] ImageMagick: Fix CVE-2025-55298
Date: Fri, 12 Dec 2025 20:29:46 +0530
Message-ID: <20251212145947.7434-10-Divyanshu.Rathore@bmwtechworks.in>
In-Reply-To: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in>
References: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122624

Backport the fix for CVE-2025-55298

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5]
[https://github.com/ImageMagick/ImageMagick/commit/1f93323df9d8c011c31bc4c6880390071f7fb895]

Add below patch to fix
0010-ImageMagick-Fix-CVE-2025-55298-1.patch
0010-ImageMagick-Fix-CVE-2025-55298-2.patch

Add below support patch to fix
0010-ImageMagick-Add-support-patch-1-to-fix-CVE-2025-5529.patch
0010-ImageMagick-Add-support-patch-2-to-fix-CVE-2025-5529.patch
0010-ImageMagick-Add-support-patch-3-to-fix-CVE-2025-5529.patch
Signed-off-by: Divyanshu Rathore --- ...support-patch-1-to-fix-CVE-2025-5529.patch | 48 +++ ...support-patch-2-to-fix-CVE-2025-5529.patch | 205 +++++++++++++ ...support-patch-3-to-fix-CVE-2025-5529.patch | 103 +++++++ ...010-ImageMagick-Fix-CVE-2025-55298-1.patch | 71 +++++ ...010-ImageMagick-Fix-CVE-2025-55298-2.patch | 274 ++++++++++++++++++ .../imagemagick/imagemagick_7.0.10.bb | 5 + 6 files changed, 706 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Add-support-patch-1-to-fix-CVE-2025-5529.patch create mode 100644 meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Add-support-patch-2-to-fix-CVE-2025-5529.patch create mode 100644 meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Add-support-patch-3-to-fix-CVE-2025-5529.patch create mode 100644 meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Fix-CVE-2025-55298-1.patch create mode 100644 meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Fix-CVE-2025-55298-2.patch diff --git a/meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Add-support-patch-1-to-fix-CVE-2025-5529.patch b/meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Add-support-patch-1-to-fix-CVE-2025-5529.patch new file mode 100644 index 0000000000..9e95b294e3 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Add-support-patch-1-to-fix-CVE-2025-5529.patch 
@@ -0,0 +1,48 @@ +From 93bcbd44f4771227a9e637f69ddabb60e0e33b18 Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore +Date: Tue, 11 Nov 2025 14:34:12 +0530 +Subject: [PATCH 10/18] ImageMagick: Add support patch 1 to fix CVE-2025-55298 + +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/83caf59fce695fea0c5878e9f0d0b65e662cae66] + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + MagickCore/image.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/MagickCore/image.c b/MagickCore/image.c +index 346285165..f64e83645 100644 +--- a/MagickCore/image.c ++++ b/MagickCore/image.c +@@ -1640,21 +1640,23 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + char + *q; + ++ const char ++ *p; ++ + int + c; + + MagickBooleanType + canonical; + +- const char +- *p; +- + ssize_t + offset; + + canonical=MagickFalse; + offset=0; + (void) CopyMagickString(filename,format,MagickPathExtent); ++ if (IsStringTrue(GetImageOption(image_info,"filename:literal")) != MagickFalse) ++ return(strlen(filename)); + for (p=strchr(format,'%'); p != (char *) NULL; p=strchr(p+1,'%')) + { + q=(char *) p+1; +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Add-support-patch-2-to-fix-CVE-2025-5529.patch b/meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Add-support-patch-2-to-fix-CVE-2025-5529.patch new file mode 100644 index 0000000000..a51bc1994b --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Add-support-patch-2-to-fix-CVE-2025-5529.patch 
@@ -0,0 +1,205 @@ +From 18f573cbd4767d9b51b23cde5b58945ae4e57243 Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore +Date: Tue, 11 Nov 2025 21:53:10 +0530 +Subject: [PATCH 11/18] ImageMagick: Add support patch-2 to fix CVE-2025-55298 + +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/82550750ec8f79393b381c3ed349dd495bbab8a7] + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + MagickCore/image.c | 134 +++++++++++++++++++-------------------------- + 1 file changed, 55 insertions(+), 79 deletions(-) + +diff --git a/MagickCore/image.c b/MagickCore/image.c +index f64e83645..cd4de6df9 100644 +--- a/MagickCore/image.c ++++ b/MagickCore/image.c +@@ -1638,34 +1638,41 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + ExceptionInfo *exception) + { + char +- *q; ++ *p = filename, ++ pattern[MagickPathExtent]; + + const char +- *p; +- +- int +- c; +- +- MagickBooleanType +- canonical; +- +- ssize_t +- offset; ++ *cursor = format; + +- canonical=MagickFalse; +- offset=0; ++ /* ++ Start with a copy of the format string. ++ */ + (void) CopyMagickString(filename,format,MagickPathExtent); + if (IsStringTrue(GetImageOption(image_info,"filename:literal")) != MagickFalse) + return(strlen(filename)); +- for (p=strchr(format,'%'); p != (char *) NULL; p=strchr(p+1,'%')) ++ while ((cursor=strchr(cursor,'%')) != (const char *) NULL) + { +- q=(char *) p+1; +- if (*q == '%') ++ const char ++ *q = cursor; ++ ++ ssize_t ++ offset = (ssize_t) (cursor-format); ++ ++ cursor++; /* move past '%' */ ++ if (*cursor == '%') + { +- p++; ++ /* ++ Escaped %%. ++ */ ++ cursor++; + continue; + } +- switch (*q) ++ /* ++ Skip padding digits like %03d. 
++ */ ++ if (*cursor == '0') ++ (void) strtol(cursor,(char **) &cursor,10); ++ switch (*cursor) + { + case 'd': + case 'o': +@@ -1674,93 +1681,62 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + ssize_t + count; + +- q++; +- c=(*q); +- *q='\0'; +- count=FormatLocaleString(filename+(p-format-offset),(size_t) +- (MagickPathExtent-(p-format-offset)),p,value); +- if ((count <= 0) || (count > (MagickPathExtent-(p-format-offset)))) ++ count=FormatLocaleString(pattern,sizeof(pattern),q,value); ++ if ((count <= 0) || (count >= MagickPathExtent)) + return(0); +- offset+=(ssize_t) ((q-p)-count); +- *q=c; +- (void) ConcatenateMagickString(filename,q,MagickPathExtent); +- canonical=MagickTrue; +- if (*(q-1) != '%') +- break; +- p++; ++ if ((offset+count) >= MagickPathExtent) ++ return(0); ++ (void) CopyMagickString(p+offset,pattern,(size_t) (MagickPathExtent- ++ offset)); ++ cursor++; + break; + } + case '[': + { +- char +- pattern[MagickPathExtent]; +- + const char +- *option; ++ *end = strchr(cursor,']'), ++ *option = (const char *) NULL; + +- char +- *r; +- +- ssize_t +- i; +- +- ssize_t +- depth; ++ size_t ++ extent = (size_t) (end-cursor); + + /* +- Image option. 
++ Handle %[key:value]; + */ +- if (strchr(p,']') == (char *) NULL) ++ if (end == (const char *) NULL) + break; +- depth=1; +- r=q+1; +- for (i=0; (i < (MagickPathExtent-1L)) && (*r != '\0'); i++) +- { +- if (*r == '[') +- depth++; +- if (*r == ']') +- depth--; +- if (depth <= 0) +- break; +- pattern[i]=(*r++); +- } +- pattern[i]='\0'; +- if (LocaleNCompare(pattern,"filename:",9) != 0) ++ if (extent >= sizeof(pattern)) + break; +- option=(const char *) NULL; ++ (void) CopyMagickString(pattern,cursor,extent); ++ pattern[extent]='\0'; + if (image != (Image *) NULL) + option=GetImageProperty(image,pattern,exception); +- if ((option == (const char *) NULL) && (image != (Image *) NULL)) ++ if ((option == (const char *) NULL) && (image != (Image *)NULL)) + option=GetImageArtifact(image,pattern); + if ((option == (const char *) NULL) && + (image_info != (ImageInfo *) NULL)) + option=GetImageOption(image_info,pattern); + if (option == (const char *) NULL) + break; +- q--; +- c=(*q); +- *q='\0'; +- (void) CopyMagickString(filename+(p-format-offset),option,(size_t) +- (MagickPathExtent-(p-format-offset))); +- offset+=strlen(pattern)-strlen(option)+3; +- *q=c; +- (void) ConcatenateMagickString(filename,r+1,MagickPathExtent); +- canonical=MagickTrue; +- if (*(q-1) != '%') +- break; +- p++; ++ (void) CopyMagickString(p+offset,option,(size_t) (MagickPathExtent- ++ offset)); ++ cursor=end+1; + break; + } + default: + break; + } + } +- if (canonical == MagickFalse) +- (void) CopyMagickString(filename,format,MagickPathExtent); +- else +- for (q=filename; *q != '\0'; q++) +- if ((*q == '%') && (*(q+1) == '%')) +- (void) CopyMagickString(q,q+1,(size_t) (MagickPathExtent-(q-filename))); ++ for (p=filename; *p != '\0'; ) ++ { ++ /* ++ Replace "%%" with "%". ++ */ ++ if ((*p == '%') && (*(p+1) == '%')) ++ (void) memmove(p,p+1,strlen(p)); /* shift left */ ++ else ++ p++; ++ } + return(strlen(filename)); + } + +-- +2.34.1 + 
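Review bot: In the `case '['` branch of InterpretImageFilename, this refactor drops the `LocaleNCompare(pattern,"filename:",9) != 0` guard, so `%[...]` in an output filename is no longer limited to `filename:`-prefixed keys and any name is handed to GetImageProperty, GetImageArtifact and GetImageOption. That is a behaviour change beyond the CVE itself; please confirm it matches the referenced upstream commit and state it in the commit message, or keep the prefix check. In the same branch, `extent = (size_t) (end-cursor)` is evaluated in the declaration before the `end == (const char *) NULL` test, and `CopyMagickString(pattern,cursor,extent)` starts copying at the `[` itself; both are only corrected by later patches in this series, so this intermediate state should not be built or bisected on its own.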
diff --git a/meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Add-support-patch-3-to-fix-CVE-2025-5529.patch b/meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Add-support-patch-3-to-fix-CVE-2025-5529.patch new file mode 100644 index 0000000000..2f4e019132 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Add-support-patch-3-to-fix-CVE-2025-5529.patch 
@@ -0,0 +1,103 @@ +From abc0b89e166c993ff766d3ff62b6d2be82f478f3 Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore +Date: Wed, 12 Nov 2025 11:35:37 +0530 +Subject: [PATCH 12/18] ImageMagick: Add support patch-3 to fix CVE-2025-55298 + +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/6c7c8d5866b9c0ce6cc76a741e05b9482716101e] + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + MagickCore/image.c | 31 +++++++++++++++++++++---------- + 1 file changed, 21 insertions(+), 10 deletions(-) + +diff --git a/MagickCore/image.c b/MagickCore/image.c +index cd4de6df9..1acf8edbd 100644 +--- a/MagickCore/image.c ++++ b/MagickCore/image.c +@@ -1647,6 +1647,8 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + /* + Start with a copy of the format string. + */ ++ assert(format != (const char *) NULL); ++ assert(filename != (char *) NULL); + (void) CopyMagickString(filename,format,MagickPathExtent); + if (IsStringTrue(GetImageOption(image_info,"filename:literal")) != MagickFalse) + return(strlen(filename)); +@@ -1670,7 +1672,7 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + /* + Skip padding digits like %03d. 
+ */ +- if (*cursor == '0') ++ if (isdigit((int) ((unsigned char) *cursor)) != 0) + (void) strtol(cursor,(char **) &cursor,10); + switch (*cursor) + { +@@ -1682,9 +1684,8 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + count; + + count=FormatLocaleString(pattern,sizeof(pattern),q,value); +- if ((count <= 0) || (count >= MagickPathExtent)) +- return(0); +- if ((offset+count) >= MagickPathExtent) ++ if ((count <= 0) || (count >= MagickPathExtent) || ++ ((offset+count) >= MagickPathExtent)) + return(0); + (void) CopyMagickString(p+offset,pattern,(size_t) (MagickPathExtent- + offset)); +@@ -1698,7 +1699,9 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + *option = (const char *) NULL; + + size_t +- extent = (size_t) (end-cursor); ++ extent = (size_t) (end-cursor-1), ++ option_length, ++ tail_length; + + /* + Handle %[key:value]; +@@ -1707,19 +1710,27 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + break; + if (extent >= sizeof(pattern)) + break; +- (void) CopyMagickString(pattern,cursor,extent); ++ (void) CopyMagickString(pattern,cursor+1,extent+1); + pattern[extent]='\0'; + if (image != (Image *) NULL) +- option=GetImageProperty(image,pattern,exception); +- if ((option == (const char *) NULL) && (image != (Image *)NULL)) +- option=GetImageArtifact(image,pattern); ++ { ++ option=GetImageProperty(image,pattern,exception); ++ if (option == (const char *) NULL) ++ option=GetImageArtifact(image,pattern); ++ } + if ((option == (const char *) NULL) && + (image_info != (ImageInfo *) NULL)) + option=GetImageOption(image_info,pattern); + if (option == (const char *) NULL) + break; ++ option_length=strlen(option); ++ tail_length=strlen(end+1); ++ if ((offset+option_length+tail_length+1) > MagickPathExtent) ++ return(0); + (void) CopyMagickString(p+offset,option,(size_t) (MagickPathExtent- + offset)); ++ (void) ConcatenateMagickString(p+offset+option_length,end+1,(size_t) ( ++ 
MagickPathExtent-offset-option_length-tail_length-1)); + cursor=end+1; + break; + } +@@ -1733,7 +1744,7 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + Replace "%%" with "%". + */ + if ((*p == '%') && (*(p+1) == '%')) +- (void) memmove(p,p+1,strlen(p)); /* shift left */ ++ (void) memmove(p,p+1,strlen(p+1)+1); /* shift left */ + else + p++; + } +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Fix-CVE-2025-55298-1.patch b/meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Fix-CVE-2025-55298-1.patch new file mode 100644 index 0000000000..95dda55623 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Fix-CVE-2025-55298-1.patch 
@@ -0,0 +1,71 @@ +From 62f97a69edb936544604e669de25e4bf2a9e2f06 Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore +Date: Wed, 12 Nov 2025 11:52:00 +0530 +Subject: [PATCH 13/18] ImageMagick: Fix CVE-2025-55298 + +CVE: CVE-2025-55298 + +This CVE fixed in two parts, this commit includes the first fix. + +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/1f93323df9d8c011c31bc4c6880390071f7fb895] + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + MagickCore/image.c | 32 ++++++++++++++++++++++++++++++++ + 1 file changed, 32 insertions(+) + +diff --git a/MagickCore/image.c b/MagickCore/image.c +index 1acf8edbd..7a52236d8 100644 +--- a/MagickCore/image.c ++++ b/MagickCore/image.c +@@ -1633,6 +1633,31 @@ MagickExport VirtualPixelMethod GetImageVirtualPixelMethod(const Image *image) + % o exception: return any errors or warnings in this structure. + % + */ ++ ++static inline MagickBooleanType PercentNInvalidOperation(char *filename) ++{ ++ MagickBooleanType ++ match = MagickFalse; ++ ++ size_t ++ length = strlen(filename); ++ ++ ssize_t ++ i; ++ ++ for (i=0; i < (ssize_t) length-1; i++) ++ { ++ if ((filename[i] == '%') && ++ ((filename[i+1] == 'n') || (filename[i+1] == 'N'))) ++ { ++ filename[i]='?'; ++ filename[i+1]='\?'; ++ match=MagickTrue; ++ } ++ } ++ return(match); ++} ++ + MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + Image *image,const char *format,int value,char *filename, + ExceptionInfo *exception) +@@ -1652,6 +1677,13 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + (void) CopyMagickString(filename,format,MagickPathExtent); + if (IsStringTrue(GetImageOption(image_info,"filename:literal")) != MagickFalse) + return(strlen(filename)); ++ if (PercentNInvalidOperation(filename) != MagickFalse) ++ { ++ errno=EPERM; ++ (void) ThrowMagickException(exception,GetMagickModule(),OptionError, ++ "InvalidArgument","`%s'",filename); ++ return(0); ++ } 
+ while ((cursor=strchr(cursor,'%')) != (const char *) NULL) + { + const char +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Fix-CVE-2025-55298-2.patch b/meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Fix-CVE-2025-55298-2.patch new file mode 100644 index 0000000000..c9cbf95c4d --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0010-ImageMagick-Fix-CVE-2025-55298-2.patch 
@@ -0,0 +1,274 @@ +From b7e445241e43e3e919667d7244ccb99573cf951a Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore +Date: Wed, 12 Nov 2025 13:05:40 +0530 +Subject: [PATCH 14/18] ImageMagick: Fix CVE-2025-55298 + +CVE: CVE-2025-55298 + +This CVE fixed in two parts, this commit includes the second fix. + +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5] + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + MagickCore/image.c | 183 ++++++++++++++++++++++++--------------------- + 1 file changed, 96 insertions(+), 87 deletions(-) + +diff --git a/MagickCore/image.c b/MagickCore/image.c +index 7a52236d8..3e6fdd114 100644 +--- a/MagickCore/image.c ++++ b/MagickCore/image.c +@@ -1619,7 +1619,7 @@ MagickExport VirtualPixelMethod GetImageVirtualPixelMethod(const Image *image) + % + % A description of each parameter follows. + % +-% o image_info: the image info.. ++% o image_info: the image info. + % + % o image: the image. + % +@@ -1634,28 +1634,38 @@ MagickExport VirtualPixelMethod GetImageVirtualPixelMethod(const Image *image) + % + */ + +-static inline MagickBooleanType PercentNInvalidOperation(char *filename) ++static inline MagickBooleanType IsValidFormatSpecifier(const char *start, ++ const char *end) + { +- MagickBooleanType +- match = MagickFalse; +- ++ char ++ specifier = end[-1]; + size_t +- length = strlen(filename); ++ length = end-start; + +- ssize_t +- i; ++ /* ++ Is this a valid format specifier? 
++ */ ++ if ((specifier != 'd') && (specifier != 'x') && (specifier != 'o')) ++ return(MagickFalse); ++ if ((length == 1) && (*start == specifier)) ++ return(MagickTrue); ++ if (length >= 2) ++ { ++ size_t ++ i = 0; + +- for (i=0; i < (ssize_t) length-1; i++) +- { +- if ((filename[i] == '%') && +- ((filename[i+1] == 'n') || (filename[i+1] == 'N'))) +- { +- filename[i]='?'; +- filename[i+1]='\?'; +- match=MagickTrue; +- } +- } +- return(match); ++ if (*start == '0') ++ { ++ if ((length >= 3) && (start[1] == '0')) ++ return(MagickFalse); ++ i=1; ++ } ++ for ( ; i < (length-1); i++) ++ if (isdigit((int) ((unsigned char) start[i])) == 0) ++ return(MagickFalse); ++ return(MagickTrue); ++ } ++ return(MagickFalse); + } + + MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, +@@ -1669,82 +1679,89 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + const char + *cursor = format; + +- /* +- Start with a copy of the format string. +- */ + assert(format != (const char *) NULL); + assert(filename != (char *) NULL); +- (void) CopyMagickString(filename,format,MagickPathExtent); + if (IsStringTrue(GetImageOption(image_info,"filename:literal")) != MagickFalse) +- return(strlen(filename)); +- if (PercentNInvalidOperation(filename) != MagickFalse) + { +- errno=EPERM; +- (void) ThrowMagickException(exception,GetMagickModule(),OptionError, +- "InvalidArgument","`%s'",filename); +- return(0); ++ (void) CopyMagickString(filename,format,MagickPathExtent); ++ return(strlen(filename)); + } +- while ((cursor=strchr(cursor,'%')) != (const char *) NULL) ++ while ((*cursor != '\0') && ((p-filename) < ((ssize_t) MagickPathExtent-1))) + { + const char +- *q = cursor; ++ *specifier_start, ++ *start; + +- ssize_t +- offset = (ssize_t) (cursor-format); +- +- cursor++; /* move past '%' */ ++ if (*cursor != '%') ++ { ++ *p++=(*cursor++); ++ continue; ++ } ++ start=cursor++; /* Skip '%' */ + if (*cursor == '%') + { +- /* +- Escaped %%. 
+- */ ++ *p++='%'; + cursor++; + continue; + } +- /* +- Skip padding digits like %03d. +- */ +- if (isdigit((int) ((unsigned char) *cursor)) != 0) +- (void) strtol(cursor,(char **) &cursor,10); +- switch (*cursor) +- { +- case 'd': +- case 'o': +- case 'x': ++ specifier_start=cursor; ++ while (isdigit((int) ((unsigned char) *cursor)) != 0) ++ cursor++; ++ if ((*cursor == 'd') || (*cursor == 'o') || (*cursor == 'x')) + { +- ssize_t +- count; ++ const char ++ *specifier_end = cursor+1; + +- count=FormatLocaleString(pattern,sizeof(pattern),q,value); +- if ((count <= 0) || (count >= MagickPathExtent) || +- ((offset+count) >= MagickPathExtent)) +- return(0); +- (void) CopyMagickString(p+offset,pattern,(size_t) (MagickPathExtent- +- offset)); +- cursor++; +- break; ++ if (IsValidFormatSpecifier(specifier_start,specifier_end) != MagickFalse) ++ { ++ char ++ format_specifier[MagickPathExtent]; ++ ++ size_t ++ length = cursor-specifier_start; ++ ++ ssize_t ++ count; ++ ++ (void) snprintf(format_specifier,sizeof(format_specifier), ++ "%%%.*s%c",(int) length,specifier_start,*cursor); ++ count=FormatLocaleString(pattern,sizeof(pattern),format_specifier, ++ value); ++ if ((count <= 0) || ((p-filename+count) >= MagickPathExtent)) ++ return(0); ++ (void) CopyMagickString(p,pattern,MagickPathExtent-(p-filename)); ++ p+=strlen(pattern); ++ cursor++; ++ continue; ++ } ++ else ++ { ++ /* ++ Invalid specifier — treat as literal. 
++ */ ++ cursor=start; ++ *p++=(*cursor++); ++ continue; ++ } + } +- case '[': ++ if (*cursor == '[') + { + const char + *end = strchr(cursor,']'), + *option = (const char *) NULL; + + size_t +- extent = (size_t) (end-cursor-1), +- option_length, +- tail_length; ++ extent, ++ option_length; + +- /* +- Handle %[key:value]; +- */ + if (end == (const char *) NULL) +- break; ++ continue; ++ extent=(size_t) (end-cursor-1); + if (extent >= sizeof(pattern)) +- break; ++ continue; + (void) CopyMagickString(pattern,cursor+1,extent+1); + pattern[extent]='\0'; +- if (image != (Image *) NULL) ++ if (image != NULL) + { + option=GetImageProperty(image,pattern,exception); + if (option == (const char *) NULL) +@@ -1754,32 +1771,24 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + (image_info != (ImageInfo *) NULL)) + option=GetImageOption(image_info,pattern); + if (option == (const char *) NULL) +- break; ++ continue; + option_length=strlen(option); +- tail_length=strlen(end+1); +- if ((offset+option_length+tail_length+1) > MagickPathExtent) ++ if ((p-filename+option_length) >= MagickPathExtent) + return(0); +- (void) CopyMagickString(p+offset,option,(size_t) (MagickPathExtent- +- offset)); +- (void) ConcatenateMagickString(p+offset+option_length,end+1,(size_t) ( +- MagickPathExtent-offset-option_length-tail_length-1)); ++ (void) CopyMagickString(p,option,MagickPathExtent-(p-filename)); ++ p+=option_length; + cursor=end+1; +- break; ++ continue; + } +- default: +- break; +- } +- } +- for (p=filename; *p != '\0'; ) +- { + /* +- Replace "%%" with "%". ++ Invalid or unsupported specifier — treat as literal. + */ +- if ((*p == '%') && (*(p+1) == '%')) +- (void) memmove(p,p+1,strlen(p+1)+1); /* shift left */ +- else +- p++; ++ cursor=start; ++ if ((p-filename+1) >= MagickPathExtent) ++ return(0); ++ *p++=(*cursor++); + } ++ *p='\0'; + return(strlen(filename)); + } + +-- +2.34.1 + 
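Review bot: In the `if (*cursor == '[')` block, the three `continue` exits (no closing `]`, `extent >= sizeof(pattern)`, and `option == (const char *) NULL`) leave `cursor` on the `[` without copying the `%` that `start` points at, so an unresolved `%[key]` is written to `filename` as `[key]`, while the fall-through path at the end of the loop resets `cursor=start` and copies the `%` literally. Suggest doing `cursor=start; *p++=(*cursor++);` before those `continue`s, or dropping through to the literal path, so unresolved expressions come out unchanged. It is also worth a line in the commit message that this patch removes the `PercentNInvalidOperation()` helper added by 0010-ImageMagick-Fix-CVE-2025-55298-1.patch, so the final behaviour comes entirely from the `IsValidFormatSpecifier()` path introduced here.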
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index 751186b361..ecd4d85b3a 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb 
@@ -34,6 +34,11 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://0007-ImageMagick-Fix-CVE-2025-57803.patch \ file://0008-ImageMagick-Fix-CVE-2025-57807.patch \ file://0009-ImageMagick-Fix-CVE-2025-55154.patch \ + file://0010-ImageMagick-Add-support-patch-1-to-fix-CVE-2025-5529.patch \ + file://0010-ImageMagick-Add-support-patch-2-to-fix-CVE-2025-5529.patch \ + file://0010-ImageMagick-Add-support-patch-3-to-fix-CVE-2025-5529.patch \ + file://0010-ImageMagick-Fix-CVE-2025-55298-1.patch \ + file://0010-ImageMagick-Fix-CVE-2025-55298-2.patch \ " SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"
From patchwork Fri Dec 12 14:59:47 2025
X-Patchwork-Submitter: Divyanshu Rathore
X-Patchwork-Id: 76405
From: Divyanshu Rathore
To: openembedded-devel@lists.openembedded.org
CC: Divyanshu.Rathore@bmwtechworks.in
Subject: [meta-oe][kirkstone][PATCH v2 11/11] ImageMagick: Fix CVE-2023-34151
Date: Fri, 12 Dec 2025 20:29:47 +0530
Message-ID: <20251212145947.7434-11-Divyanshu.Rathore@bmwtechworks.in>
In-Reply-To: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in>
References: <20251212145947.7434-1-Divyanshu.Rathore@bmwtechworks.in>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122619

Backport the fix for CVE-2023-34151

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/3d6d98d8a2be30d74172ab43b5b8e874d2deb158]

Add below patch to fix
0011-ImageMagick-Fix-CVE-2023-34151.patch

Add below support patch to fix
0011-ImageMagick-Add-support-patch-1-to-fix-CVE-2023-3415.patch
0011-ImageMagick-Add-support-patch-2-to-fix-CVE-2023-3415.patch
0011-ImageMagick-Add-support-patch-3-to-fix-CVE-2023-3415.patch

Signed-off-by: Divyanshu Rathore --- ...support-patch-1-to-fix-CVE-2023-3415.patch | 75 ++ ...support-patch-2-to-fix-CVE-2023-3415.patch | 973 +++++++++++++++++ ...support-patch-3-to-fix-CVE-2023-3415.patch | 977 ++++++++++++++++++ .../0011-ImageMagick-Fix-CVE-2023-34151.patch | 314 ++++++ .../imagemagick/imagemagick_7.0.10.bb | 4 + 5 files changed, 2343 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/files/0011-ImageMagick-Add-support-patch-1-to-fix-CVE-2023-3415.patch create mode 100644 meta-oe/recipes-support/imagemagick/files/0011-ImageMagick-Add-support-patch-2-to-fix-CVE-2023-3415.patch create mode 100644 meta-oe/recipes-support/imagemagick/files/0011-ImageMagick-Add-support-patch-3-to-fix-CVE-2023-3415.patch create mode 100644 meta-oe/recipes-support/imagemagick/files/0011-ImageMagick-Fix-CVE-2023-34151.patch
diff --git a/meta-oe/recipes-support/imagemagick/files/0011-ImageMagick-Add-support-patch-1-to-fix-CVE-2023-3415.patch b/meta-oe/recipes-support/imagemagick/files/0011-ImageMagick-Add-support-patch-1-to-fix-CVE-2023-3415.patch new file mode 100644 index 0000000000..de22f9f317 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0011-ImageMagick-Add-support-patch-1-to-fix-CVE-2023-3415.patch 
@@ -0,0 +1,75 @@ +From dd62bd8f2e1aa6822551c668d23b4d288390dcb7 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Mon, 21 Feb 2022 11:55:43 -0500 +Subject: [PATCH 15/18] ImageMagick: Add support patch 1 to fix CVE-2023-34151 + +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/eb0882667cddc4ea71b61a583a782c430220faf4] + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + MagickCore/image-private.h | 11 +++++++++++ + coders/txt.c | 24 ++++++++++++------------ + 2 files changed, 23 insertions(+), 12 deletions(-) + +diff --git a/MagickCore/image-private.h b/MagickCore/image-private.h +index 40c8686d3..59b88fb6f 100644 +--- a/MagickCore/image-private.h ++++ b/MagickCore/image-private.h +@@ -61,6 +61,17 @@ static inline ssize_t CastDoubleToLong(const double value) + return((ssize_t) value); + } + ++static inline QuantumAny CastDoubleToQuantumAny(const double x) ++{ ++ if (IsNaN(x) != 0) ++ return(0); ++ if (x > ((double) ((QuantumAny) ~0))) ++ return((QuantumAny) ~0); ++ if (x < 0.0) ++ return(0.0); ++ return((QuantumAny) (x+0.5)); ++} ++ + static inline double DegreesToRadians(const double degrees) + { + return((double) (MagickPI*degrees/180.0)); +diff --git a/coders/txt.c b/coders/txt.c +index b9bd08ce5..f8312a4fd 100644 +--- a/coders/txt.c ++++ b/coders/txt.c +@@ -564,18 +564,18 @@ static Image *ReadTXTImage(const ImageInfo *image_info,ExceptionInfo *exception) + green+=(range+1)/2.0; + blue+=(range+1)/2.0; + } +- pixel.red=(MagickRealType) ScaleAnyToQuantum((QuantumAny) +- MagickMax(red+0.5,0.0),range); +- pixel.green=(MagickRealType) ScaleAnyToQuantum((QuantumAny) +- MagickMax(green+0.5,0.0),range); +- pixel.blue=(MagickRealType) ScaleAnyToQuantum((QuantumAny) +- MagickMax(blue+0.5,0.0),range); +- pixel.black=(MagickRealType) ScaleAnyToQuantum((QuantumAny) +- MagickMax(black+0.5,0.0),range); +- pixel.alpha=(MagickRealType) ScaleAnyToQuantum((QuantumAny) +- MagickMax(alpha+0.5,0.0),range); +- 
q=GetAuthenticPixels(image,CastDoubleToLong(x_offset), +- CastDoubleToLong(y_offset),1,1,exception); ++ pixel.red=(MagickRealType) ScaleAnyToQuantum(CastDoubleToQuantumAny( ++ red),range); ++ pixel.green=(MagickRealType) ScaleAnyToQuantum(CastDoubleToQuantumAny( ++ green),range); ++ pixel.blue=(MagickRealType) ScaleAnyToQuantum(CastDoubleToQuantumAny( ++ blue),range); ++ pixel.black=(MagickRealType) ScaleAnyToQuantum(CastDoubleToQuantumAny( ++ black),range); ++ pixel.alpha=(MagickRealType) ScaleAnyToQuantum(CastDoubleToQuantumAny( ++ alpha),range); ++ q=GetAuthenticPixels(image,CastDoubleToLong(x_offset),CastDoubleToLong( ++ y_offset),1,1,exception); + if (q == (Quantum *) NULL) + { + status=MagickFalse; +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/files/0011-ImageMagick-Add-support-patch-2-to-fix-CVE-2023-3415.patch b/meta-oe/recipes-support/imagemagick/files/0011-ImageMagick-Add-support-patch-2-to-fix-CVE-2023-3415.patch new file mode 100644 index 0000000000..7d73ba08c1 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0011-ImageMagick-Add-support-patch-2-to-fix-CVE-2023-3415.patch 
@@ -0,0 +1,973 @@ +From 95a74f9639872c667213b9ce201c1a388d538d30 Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore +Date: Tue, 2 Dec 2025 14:02:56 +0530 +Subject: [PATCH 16/18] ImageMagick: Add support patch 2 to fix CVE-2023-34151 + +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/f7b5682435d37ad5ea8142d69629c93228e6376d] + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + MagickCore/annotate.c | 8 ++--- + MagickCore/draw.c | 60 ++++++++++++++++++------------------- + MagickCore/effect.c | 8 ++--- + MagickCore/gem.c | 2 +- + MagickCore/geometry.c | 24 +++++++-------- + MagickCore/image-private.h | 37 ++++++++++++++++------- + MagickCore/image.c | 20 ++++++------- + MagickCore/pixel.c | 36 +++++++++++----------- + MagickCore/property.c | 4 +-- + MagickCore/shear.c | 22 +++++++------- + MagickCore/studio.h | 2 -- + MagickCore/transform.c | 4 +-- + MagickCore/visual-effects.c | 40 ++++++++++++------------- + MagickWand/drawing-wand.c | 8 ++--- + MagickWand/studio.h | 2 -- + coders/histogram.c | 6 ++-- + coders/jpeg.c | 3 +- + coders/png.c | 12 ++++---- + coders/tiff.c | 4 +-- + coders/txt.c | 4 +-- + 20 files changed, 159 insertions(+), 147 deletions(-) + +diff --git a/MagickCore/annotate.c b/MagickCore/annotate.c +index 4be938be5..14f8d05d8 100644 +--- a/MagickCore/annotate.c ++++ b/MagickCore/annotate.c +@@ -1734,8 +1734,8 @@ static MagickBooleanType RenderFreetype(Image *image,const DrawInfo *draw_info, + + if (status == MagickFalse) + continue; +- x_offset=CastDoubleToLong(ceil(point.x-0.5)); +- y_offset=CastDoubleToLong(ceil(point.y+y-0.5)); ++ x_offset=CastDoubleToSSizeT(ceil(point.x-0.5)); ++ y_offset=CastDoubleToSSizeT(ceil(point.y+y-0.5)); + if ((y_offset < 0) || (y_offset >= (ssize_t) image->rows)) + continue; + q=(Quantum *) NULL; +@@ -1750,7 +1750,7 @@ static MagickBooleanType RenderFreetype(Image *image,const DrawInfo *draw_info, + n=y*bitmap->bitmap.pitch; + for (x=0; x < (ssize_t) 
bitmap->bitmap.width; x++, n++) + { +- x_offset=CastDoubleToLong(ceil(point.x+x-0.5)); ++ x_offset=CastDoubleToSSizeT(ceil(point.x+x-0.5)); + if ((x_offset < 0) || (x_offset >= (ssize_t) image->columns)) + { + if (q != (Quantum *) NULL) +@@ -2102,7 +2102,7 @@ static MagickBooleanType RenderPostscript(Image *image, + crop_info=GetImageBoundingBox(annotate_image,exception); + crop_info.height=(size_t) ((resolution.y/DefaultResolution)* + ExpandAffine(&draw_info->affine)*draw_info->pointsize+0.5); +- crop_info.y=CastDoubleToLong(ceil((resolution.y/DefaultResolution)* ++ crop_info.y=CastDoubleToSSizeT(ceil((resolution.y/DefaultResolution)* + extent.y/8.0-0.5)); + (void) FormatLocaleString(geometry,MagickPathExtent, + "%.20gx%.20g%+.20g%+.20g",(double) crop_info.width,(double) +diff --git a/MagickCore/draw.c b/MagickCore/draw.c +index facea115e..02df7d231 100644 +--- a/MagickCore/draw.c ++++ b/MagickCore/draw.c +@@ -1233,8 +1233,8 @@ MagickExport MagickBooleanType DrawAffineImage(Image *image, + edge.y2=MagickMin(max.y,(double) image->rows-1.0); + inverse_affine=InverseAffineMatrix(affine); + GetPixelInfo(image,&zero); +- start=CastDoubleToLong(ceil(edge.y1-0.5)); +- stop=CastDoubleToLong(floor(edge.y2+0.5)); ++ start=CastDoubleToSSizeT(ceil(edge.y1-0.5)); ++ stop=CastDoubleToSSizeT(floor(edge.y2+0.5)); + source_view=AcquireVirtualCacheView(source,exception); + image_view=AcquireAuthenticCacheView(image,exception); + #if defined(MAGICKCORE_OPENMP_SUPPORT) +@@ -1267,16 +1267,16 @@ MagickExport MagickBooleanType DrawAffineImage(Image *image, + inverse_edge=AffineEdge(source,&inverse_affine,(double) y,&edge); + if (inverse_edge.x2 < inverse_edge.x1) + continue; +- q=GetCacheViewAuthenticPixels(image_view,CastDoubleToLong( +- ceil(inverse_edge.x1-0.5)),y,(size_t) CastDoubleToLong(floor( ++ q=GetCacheViewAuthenticPixels(image_view,CastDoubleToSSizeT( ++ ceil(inverse_edge.x1-0.5)),y,(size_t) CastDoubleToSSizeT(floor( + 
inverse_edge.x2+0.5)-ceil(inverse_edge.x1-0.5)+1),1,exception); + if (q == (Quantum *) NULL) + continue; + pixel=zero; + composite=zero; + x_offset=0; +- for (x=CastDoubleToLong(ceil(inverse_edge.x1-0.5)); +- x <= CastDoubleToLong(floor(inverse_edge.x2+0.5)); x++) ++ for (x=CastDoubleToSSizeT(ceil(inverse_edge.x1-0.5)); ++ x <= CastDoubleToSSizeT(floor(inverse_edge.x2+0.5)); x++) + { + point.x=(double) x*inverse_affine.sx+y*inverse_affine.ry+ + inverse_affine.tx; +@@ -2090,8 +2090,8 @@ MagickExport MagickBooleanType DrawGradientImage(Image *image, + case UndefinedSpread: + case PadSpread: + { +- if ((x != CastDoubleToLong(ceil(gradient_vector->x1-0.5))) || +- (y != CastDoubleToLong(ceil(gradient_vector->y1-0.5)))) ++ if ((x != CastDoubleToSSizeT(ceil(gradient_vector->x1-0.5))) || ++ (y != CastDoubleToSSizeT(ceil(gradient_vector->y1-0.5)))) + { + offset=GetStopColorOffset(gradient,x,y); + if (gradient->type != RadialGradient) +@@ -2118,8 +2118,8 @@ MagickExport MagickBooleanType DrawGradientImage(Image *image, + } + case ReflectSpread: + { +- if ((x != CastDoubleToLong(ceil(gradient_vector->x1-0.5))) || +- (y != CastDoubleToLong(ceil(gradient_vector->y1-0.5)))) ++ if ((x != CastDoubleToSSizeT(ceil(gradient_vector->x1-0.5))) || ++ (y != CastDoubleToSSizeT(ceil(gradient_vector->y1-0.5)))) + { + offset=GetStopColorOffset(gradient,x,y); + if (gradient->type != RadialGradient) +@@ -2160,8 +2160,8 @@ MagickExport MagickBooleanType DrawGradientImage(Image *image, + + antialias=MagickFalse; + repeat=0.0; +- if ((x != CastDoubleToLong(ceil(gradient_vector->x1-0.5))) || +- (y != CastDoubleToLong(ceil(gradient_vector->y1-0.5)))) ++ if ((x != CastDoubleToSSizeT(ceil(gradient_vector->x1-0.5))) || ++ (y != CastDoubleToSSizeT(ceil(gradient_vector->y1-0.5)))) + { + offset=GetStopColorOffset(gradient,x,y); + if (gradient->type == LinearGradient) +@@ -3457,21 +3457,21 @@ static MagickBooleanType RenderMVGContent(Image *image, + (void) GetNextToken(q,&q,extent,token); + (void) 
CopyMagickString(name,token,MagickPathExtent); + (void) GetNextToken(q,&q,extent,token); +- bounds.x=CastDoubleToLong(ceil(GetDrawValue(token, ++ bounds.x=CastDoubleToSSizeT(ceil(GetDrawValue(token, + &next_token)-0.5)); + if (token == next_token) + ThrowPointExpectedException(token,exception); + (void) GetNextToken(q,&q,extent,token); + if (*token == ',') + (void) GetNextToken(q,&q,extent,token); +- bounds.y=CastDoubleToLong(ceil(GetDrawValue(token, ++ bounds.y=CastDoubleToSSizeT(ceil(GetDrawValue(token, + &next_token)-0.5)); + if (token == next_token) + ThrowPointExpectedException(token,exception); + (void) GetNextToken(q,&q,extent,token); + if (*token == ',') + (void) GetNextToken(q,&q,extent,token); +- bounds.width=(size_t) CastDoubleToLong(floor(GetDrawValue( ++ bounds.width=(size_t) CastDoubleToSSizeT(floor(GetDrawValue( + token,&next_token)+0.5)); + if (token == next_token) + ThrowPointExpectedException(token,exception); +@@ -3882,28 +3882,28 @@ static MagickBooleanType RenderMVGContent(Image *image, + if (LocaleCompare("viewbox",keyword) == 0) + { + (void) GetNextToken(q,&q,extent,token); +- graphic_context[n]->viewbox.x=CastDoubleToLong(ceil( ++ graphic_context[n]->viewbox.x=CastDoubleToSSizeT(ceil( + GetDrawValue(token,&next_token)-0.5)); + if (token == next_token) + ThrowPointExpectedException(token,exception); + (void) GetNextToken(q,&q,extent,token); + if (*token == ',') + (void) GetNextToken(q,&q,extent,token); +- graphic_context[n]->viewbox.y=CastDoubleToLong(ceil( ++ graphic_context[n]->viewbox.y=CastDoubleToSSizeT(ceil( + GetDrawValue(token,&next_token)-0.5)); + if (token == next_token) + ThrowPointExpectedException(token,exception); + (void) GetNextToken(q,&q,extent,token); + if (*token == ',') + (void) GetNextToken(q,&q,extent,token); +- graphic_context[n]->viewbox.width=(size_t) CastDoubleToLong( ++ graphic_context[n]->viewbox.width=(size_t) CastDoubleToSSizeT( + floor(GetDrawValue(token,&next_token)+0.5)); + if (token == next_token) + 
ThrowPointExpectedException(token,exception); + (void) GetNextToken(q,&q,extent,token); + if (*token == ',') + (void) GetNextToken(q,&q,extent,token); +- graphic_context[n]->viewbox.height=(size_t) CastDoubleToLong( ++ graphic_context[n]->viewbox.height=(size_t) CastDoubleToSSizeT( + floor(GetDrawValue(token,&next_token)+0.5)); + if (token == next_token) + ThrowPointExpectedException(token,exception); +@@ -5017,8 +5017,8 @@ static MagickBooleanType DrawPolygonPrimitive(Image *image, + GetPixelInfo(image,&pixel); + for ( ; x <= stop_x; x++) + { +- if ((x == CastDoubleToLong(ceil(primitive_info->point.x-0.5))) && +- (y == CastDoubleToLong(ceil(primitive_info->point.y-0.5)))) ++ if ((x == CastDoubleToSSizeT(ceil(primitive_info->point.x-0.5))) && ++ (y == CastDoubleToSSizeT(ceil(primitive_info->point.y-0.5)))) + { + GetFillColor(draw_info,x-start_x,y-start_y,&pixel,exception); + SetPixelViaPixelInfo(image,&pixel,q); +@@ -5164,8 +5164,8 @@ static void LogPrimitiveInfo(const PrimitiveInfo *primitive_info) + coordinates, + y; + +- x=CastDoubleToLong(ceil(primitive_info->point.x-0.5)); +- y=CastDoubleToLong(ceil(primitive_info->point.y-0.5)); ++ x=CastDoubleToSSizeT(ceil(primitive_info->point.x-0.5)); ++ y=CastDoubleToSSizeT(ceil(primitive_info->point.y-0.5)); + switch (primitive_info->primitive) + { + case AlphaPrimitive: +@@ -5278,8 +5278,8 @@ MagickExport MagickBooleanType DrawPrimitive(Image *image, + status&=SetImageMask(image,CompositePixelMask,draw_info->composite_mask, + exception); + } +- x=CastDoubleToLong(ceil(primitive_info->point.x-0.5)); +- y=CastDoubleToLong(ceil(primitive_info->point.y-0.5)); ++ x=CastDoubleToSSizeT(ceil(primitive_info->point.x-0.5)); ++ y=CastDoubleToSSizeT(ceil(primitive_info->point.y-0.5)); + image_view=AcquireAuthenticCacheView(image,exception); + switch (primitive_info->primitive) + { +@@ -5557,8 +5557,8 @@ MagickExport MagickBooleanType DrawPrimitive(Image *image, + composite_images=DestroyImageList(composite_images); + (void) 
SetImageProgressMonitor(composite_image,(MagickProgressMonitor) + NULL,(void *) NULL); +- x1=CastDoubleToLong(ceil(primitive_info[1].point.x-0.5)); +- y1=CastDoubleToLong(ceil(primitive_info[1].point.y-0.5)); ++ x1=CastDoubleToSSizeT(ceil(primitive_info[1].point.x-0.5)); ++ y1=CastDoubleToSSizeT(ceil(primitive_info[1].point.y-0.5)); + if (((x1 != 0L) && (x1 != (ssize_t) composite_image->columns)) || + ((y1 != 0L) && (y1 != (ssize_t) composite_image->rows))) + { +@@ -6167,7 +6167,7 @@ static MagickBooleanType TraceArcPath(MVGInfo *mvg_info,const PointInfo start, + else + if ((theta > 0.0) && (sweep == MagickFalse)) + theta-=2.0*MagickPI; +- arc_segments=(size_t) CastDoubleToLong(ceil(fabs((double) (theta/(0.5* ++ arc_segments=(size_t) CastDoubleToSSizeT(ceil(fabs((double) (theta/(0.5* + MagickPI+MagickEpsilon))))); + status=MagickTrue; + p=primitive_info; +@@ -7517,7 +7517,7 @@ static PrimitiveInfo *TraceStrokePolygon(const DrawInfo *draw_info, + theta.q=atan2(box_q[2].y-center.y,box_q[2].x-center.x); + if (theta.q < theta.p) + theta.q+=2.0*MagickPI; +- arc_segments=(size_t) CastDoubleToLong(ceil((double) ((theta. ++ arc_segments=(size_t) CastDoubleToSSizeT(ceil((double) ((theta. 
+ q-theta.p)/(2.0*sqrt(PerceptibleReciprocal(mid)))))); + CheckPathExtent(MaxStrokePad,arc_segments+MaxStrokePad); + stroke_q[q].x=box_q[1].x; +@@ -7590,7 +7590,7 @@ static PrimitiveInfo *TraceStrokePolygon(const DrawInfo *draw_info, + theta.q=atan2(box_p[2].y-center.y,box_p[2].x-center.x); + if (theta.p < theta.q) + theta.p+=2.0*MagickPI; +- arc_segments=(size_t) CastDoubleToLong(ceil((double) ((theta.p- ++ arc_segments=(size_t) CastDoubleToSSizeT(ceil((double) ((theta.p- + theta.q)/(2.0*sqrt((double) (1.0/mid)))))); + CheckPathExtent(arc_segments+MaxStrokePad,MaxStrokePad); + stroke_p[p++]=box_p[1]; +diff --git a/MagickCore/effect.c b/MagickCore/effect.c +index bfb1363f2..a37a1999e 100644 +--- a/MagickCore/effect.c ++++ b/MagickCore/effect.c +@@ -288,7 +288,7 @@ MagickExport Image *AdaptiveBlurImage(const Image *image,const double radius, + center, + j; + +- j=CastDoubleToLong(ceil((double) width*(1.0-QuantumScale* ++ j=CastDoubleToSSizeT(ceil((double) width*(1.0-QuantumScale* + GetPixelIntensity(edge_image,r))-0.5)); + if (j < 0) + j=0; +@@ -609,7 +609,7 @@ MagickExport Image *AdaptiveSharpenImage(const Image *image,const double radius, + center, + j; + +- j=CastDoubleToLong(ceil((double) width*(1.0-QuantumScale* ++ j=CastDoubleToSSizeT(ceil((double) width*(1.0-QuantumScale* + GetPixelIntensity(edge_image,r))-0.5)); + if (j < 0) + j=0; +@@ -2402,9 +2402,9 @@ MagickExport Image *MotionBlurImage(const Image *image,const double radius, + point.y=(double) width*cos(DegreesToRadians(angle)); + for (i=0; i < (ssize_t) width; i++) + { +- offset[i].x=CastDoubleToLong(ceil((double) (i*point.y)/ ++ offset[i].x=CastDoubleToSSizeT(ceil((double) (i*point.y)/ + hypot(point.x,point.y)-0.5)); +- offset[i].y=CastDoubleToLong(ceil((double) (i*point.x)/ ++ offset[i].y=CastDoubleToSSizeT(ceil((double) (i*point.x)/ + hypot(point.x,point.y)-0.5)); + } + /* +diff --git a/MagickCore/gem.c b/MagickCore/gem.c +index 2c5911f67..4eb8c3fc5 100644 +--- a/MagickCore/gem.c ++++ 
b/MagickCore/gem.c +@@ -692,7 +692,7 @@ MagickPrivate void ConvertHWBToRGB(const double hue,const double whiteness, + *blue=QuantumRange*v; + return; + } +- i=CastDoubleToLong(floor(6.0*hue)); ++ i=CastDoubleToSSizeT(floor(6.0*hue)); + f=6.0*hue-i; + if ((i & 0x01) != 0) + f=1.0-f; +diff --git a/MagickCore/geometry.c b/MagickCore/geometry.c +index 5c6e2ad69..dd46a96fc 100644 +--- a/MagickCore/geometry.c ++++ b/MagickCore/geometry.c +@@ -241,7 +241,7 @@ MagickExport MagickStatusType GetGeometry(const char *geometry,ssize_t *x, + if (LocaleNCompare(p,"0x",2) == 0) + *width=(size_t) strtol(p,&p,10); + else +- *width=((size_t) floor(StringToDouble(p,&p)+0.5)) & 0x7fffffff; ++ *width=CastDoubleToSizeT(StringToDouble(p,&p)); + } + if (p != q) + flags|=WidthValue; +@@ -260,7 +260,7 @@ MagickExport MagickStatusType GetGeometry(const char *geometry,ssize_t *x, + */ + q=p; + if (height != (size_t *) NULL) +- *height=((size_t) floor(StringToDouble(p,&p)+0.5)) & 0x7fffffff; ++ *height=CastDoubleToSizeT(StringToDouble(p,&p)); + if (p != q) + flags|=HeightValue; + } +@@ -279,7 +279,7 @@ MagickExport MagickStatusType GetGeometry(const char *geometry,ssize_t *x, + } + q=p; + if (x != (ssize_t *) NULL) +- *x=((ssize_t) ceil(StringToDouble(p,&p)-0.5)) & 0x7fffffff; ++ *x=CastDoubleToSSizeT(StringToDouble(p,&p)); + if (p != q) + { + flags|=XValue; +@@ -300,7 +300,7 @@ MagickExport MagickStatusType GetGeometry(const char *geometry,ssize_t *x, + } + q=p; + if (y != (ssize_t *) NULL) +- *y=((ssize_t) ceil(StringToDouble(p,&p)-0.5)) & 0x7fffffff; ++ *y=CastDoubleToSSizeT(StringToDouble(p,&p)); + if (p != q) + { + flags|=YValue; +@@ -1285,8 +1285,8 @@ MagickExport MagickStatusType ParseGravityGeometry(const Image *image, + scale.y=geometry_info.sigma; + if ((status & SigmaValue) == 0) + scale.y=scale.x; +- region_info->width=(size_t) floor((scale.x*image->columns/100.0)+0.5); +- region_info->height=(size_t) floor((scale.y*image->rows/100.0)+0.5); ++ 
region_info->width=CastDoubleToSizeT(scale.x*image->columns/100.0); ++ region_info->height=CastDoubleToSizeT(scale.y*image->rows/100.0); + } + if ((flags & AspectRatioValue) != 0) + { +@@ -1308,13 +1308,13 @@ MagickExport MagickStatusType ParseGravityGeometry(const Image *image, + if (geometry_ratio >= image_ratio) + { + region_info->width=image->columns; +- region_info->height=(size_t) floor((double) (image->rows*image_ratio/ +- geometry_ratio)+0.5); ++ region_info->height=CastDoubleToSizeT((double) image->rows*image_ratio/ ++ geometry_ratio); + } + else + { +- region_info->width=(size_t) floor((double) (image->columns* +- geometry_ratio/image_ratio)+0.5); ++ region_info->width=CastDoubleToSizeT((double) image->columns* ++ geometry_ratio/image_ratio); + region_info->height=image->rows; + } + } +@@ -1450,8 +1450,8 @@ MagickExport MagickStatusType ParseMetaGeometry(const char *geometry,ssize_t *x, + } + else + { +- *width=(size_t) floor((double) (PerceptibleReciprocal( +- image_ratio)*former_width*geometry_ratio)+0.5); ++ *width=CastDoubleToSizeT(PerceptibleReciprocal( ++ image_ratio)*former_width*geometry_ratio); + *height=former_height; + } + former_width=(*width); +diff --git a/MagickCore/image-private.h b/MagickCore/image-private.h +index 59b88fb6f..694c19d54 100644 +--- a/MagickCore/image-private.h ++++ b/MagickCore/image-private.h +@@ -41,6 +41,9 @@ extern "C" { + #define MagickSQ1_2 0.70710678118654752440084436210484903928483593768847 + #define MagickSQ2 1.41421356237309504880168872420969807856967187537695 + #define MagickSQ2PI 2.50662827463100024161235523934010416269302368164062 ++#define MAGICK_SIZE_MAX (SIZE_MAX) ++#define MAGICK_SSIZE_MAX (SSIZE_MAX) ++#define MAGICK_SSIZE_MIN (-(SSIZE_MAX)-1) + #define MatteColor "#bdbdbd" /* gray */ + #define PSDensityGeometry "72.0x72.0" + #define PSPageGeometry "612x792" +@@ -50,17 +53,6 @@ extern "C" { + #define UndefinedCompressionQuality 0UL + #define UndefinedTicksPerSecond 100L + +-static inline ssize_t 
CastDoubleToLong(const double value) +-{ +- if (IsNaN(value) != 0) +- return(0); +- if (value > (double) MAGICK_SSIZE_MAX) +- return((ssize_t) MAGICK_SSIZE_MAX); +- if (value < (double) MAGICK_SSIZE_MIN) +- return((ssize_t) MAGICK_SSIZE_MIN); +- return((ssize_t) value); +-} +- + static inline QuantumAny CastDoubleToQuantumAny(const double x) + { + if (IsNaN(x) != 0) +@@ -72,6 +64,29 @@ static inline QuantumAny CastDoubleToQuantumAny(const double x) + return((QuantumAny) (x+0.5)); + } + ++static inline size_t CastDoubleToSizeT(const double x) ++{ ++ if (IsNaN(x) != 0) ++ return(0); ++ if (x > ((double) MAGICK_SIZE_MAX+0.5)) ++ return((size_t) MAGICK_SIZE_MAX); ++ return((size_t) floor(x+0.5)); ++} ++ ++static inline ssize_t CastDoubleToSSizeT(const double x) ++{ ++ if (IsNaN(x) != 0) ++ return(0); ++ if (x > ((double) MAGICK_SSIZE_MAX+0.5)) ++ return((ssize_t) MAGICK_SSIZE_MAX); ++ if (x < ((double) MAGICK_SSIZE_MIN-0.5)) ++ return((ssize_t) MAGICK_SSIZE_MIN); ++ if (x >= 0.0) ++ return((ssize_t) floor(x+0.5)); ++ return((ssize_t) ceil(x-0.5)); ++} ++ ++ + static inline double DegreesToRadians(const double degrees) + { + return((double) (MagickPI*degrees/180.0)); +diff --git a/MagickCore/image.c b/MagickCore/image.c +index 3e6fdd114..7b8caa0d2 100644 +--- a/MagickCore/image.c ++++ b/MagickCore/image.c +@@ -282,21 +282,21 @@ MagickExport Image *AcquireImage(const ImageInfo *image_info, + if ((flags & GreaterValue) != 0) + { + if ((double) image->delay > floor(geometry_info.rho+0.5)) +- image->delay=(size_t) CastDoubleToLong(floor( ++ image->delay=(size_t) CastDoubleToSSizeT(floor( + geometry_info.rho+0.5)); + } + else + if ((flags & LessValue) != 0) + { + if ((double) image->delay < floor(geometry_info.rho+0.5)) +- image->ticks_per_second=CastDoubleToLong(floor( ++ image->ticks_per_second=CastDoubleToSSizeT(floor( + geometry_info.sigma+0.5)); + } + else +- image->delay=(size_t) CastDoubleToLong(floor( ++ image->delay=(size_t) CastDoubleToSSizeT(floor( + 
geometry_info.rho+0.5)); + if ((flags & SigmaValue) != 0) +- image->ticks_per_second=CastDoubleToLong(floor( ++ image->ticks_per_second=CastDoubleToSSizeT(floor( + geometry_info.sigma+0.5)); + } + option=GetImageOption(image_info,"dispose"); +@@ -881,18 +881,18 @@ MagickExport Image *CloneImage(const Image *image,const size_t columns, + scale=1.0; + if (image->columns != 0) + scale=(double) columns/(double) image->columns; +- clone_image->page.width=(size_t) CastDoubleToLong(floor(scale* ++ clone_image->page.width=(size_t) CastDoubleToSSizeT(floor(scale* + image->page.width+0.5)); +- clone_image->page.x=CastDoubleToLong(ceil(scale*image->page.x-0.5)); +- clone_image->tile_offset.x=CastDoubleToLong(ceil(scale* ++ clone_image->page.x=CastDoubleToSSizeT(ceil(scale*image->page.x-0.5)); ++ clone_image->tile_offset.x=CastDoubleToSSizeT(ceil(scale* + image->tile_offset.x-0.5)); + scale=1.0; + if (image->rows != 0) + scale=(double) rows/(double) image->rows; +- clone_image->page.height=(size_t) CastDoubleToLong(floor(scale* ++ clone_image->page.height=(size_t) CastDoubleToSSizeT(floor(scale* + image->page.height+0.5)); +- clone_image->page.y=CastDoubleToLong(ceil(scale*image->page.y-0.5)); +- clone_image->tile_offset.y=CastDoubleToLong(ceil(scale* ++ clone_image->page.y=CastDoubleToSSizeT(ceil(scale*image->page.y-0.5)); ++ clone_image->tile_offset.y=CastDoubleToSSizeT(ceil(scale* + image->tile_offset.y-0.5)); + clone_image->cache=ClonePixelCache(image->cache); + if (SetImageExtent(clone_image,columns,rows,exception) == MagickFalse) +diff --git a/MagickCore/pixel.c b/MagickCore/pixel.c +index 5c1c5296f..c2aea7c1d 100644 +--- a/MagickCore/pixel.c ++++ b/MagickCore/pixel.c +@@ -4515,8 +4515,8 @@ MagickExport MagickBooleanType InterpolatePixelChannel( + status=MagickTrue; + *pixel=0.0; + traits=GetPixelChannelTraits(image,channel); +- x_offset=CastDoubleToLong(floor(x)); +- y_offset=CastDoubleToLong(floor(y)); ++ x_offset=CastDoubleToSSizeT(floor(x)); ++ 
y_offset=CastDoubleToSSizeT(floor(y)); + interpolate=method; + if (interpolate == UndefinedInterpolatePixel) + interpolate=image->interpolate; +@@ -4533,8 +4533,8 @@ MagickExport MagickBooleanType InterpolatePixelChannel( + if (interpolate == Average9InterpolatePixel) + { + count=3; +- x_offset=CastDoubleToLong(floor(x+0.5)-1.0); +- y_offset=CastDoubleToLong(floor(y+0.5)-1.0); ++ x_offset=CastDoubleToSSizeT(floor(x+0.5)-1.0); ++ y_offset=CastDoubleToSSizeT(floor(y+0.5)-1.0); + } + else + if (interpolate == Average16InterpolatePixel) +@@ -4717,8 +4717,8 @@ MagickExport MagickBooleanType InterpolatePixelChannel( + } + case NearestInterpolatePixel: + { +- x_offset=CastDoubleToLong(floor(x+0.5)); +- y_offset=CastDoubleToLong(floor(y+0.5)); ++ x_offset=CastDoubleToSSizeT(floor(x+0.5)); ++ y_offset=CastDoubleToSSizeT(floor(y+0.5)); + p=GetCacheViewVirtualPixels(image_view,x_offset,y_offset,1,1,exception); + if (p == (const Quantum *) NULL) + { +@@ -4935,8 +4935,8 @@ MagickExport MagickBooleanType InterpolatePixelChannels( + assert(source->signature == MagickCoreSignature); + assert(source_view != (CacheView *) NULL); + status=MagickTrue; +- x_offset=CastDoubleToLong(floor(x)); +- y_offset=CastDoubleToLong(floor(y)); ++ x_offset=CastDoubleToSSizeT(floor(x)); ++ y_offset=CastDoubleToSSizeT(floor(y)); + interpolate=method; + if (interpolate == UndefinedInterpolatePixel) + interpolate=source->interpolate; +@@ -4953,8 +4953,8 @@ MagickExport MagickBooleanType InterpolatePixelChannels( + if (interpolate == Average9InterpolatePixel) + { + count=3; +- x_offset=CastDoubleToLong(floor(x+0.5)-1.0); +- y_offset=CastDoubleToLong(floor(y+0.5)-1.0); ++ x_offset=CastDoubleToSSizeT(floor(x+0.5)-1.0); ++ y_offset=CastDoubleToSSizeT(floor(y+0.5)-1.0); + } + else + if (interpolate == Average16InterpolatePixel) +@@ -5218,8 +5218,8 @@ MagickExport MagickBooleanType InterpolatePixelChannels( + } + case NearestInterpolatePixel: + { +- x_offset=CastDoubleToLong(floor(x+0.5)); +- 
y_offset=CastDoubleToLong(floor(y+0.5)); ++ x_offset=CastDoubleToSSizeT(floor(x+0.5)); ++ y_offset=CastDoubleToSSizeT(floor(y+0.5)); + p=GetCacheViewVirtualPixels(source_view,x_offset,y_offset,1,1,exception); + if (p == (const Quantum *) NULL) + { +@@ -5502,8 +5502,8 @@ MagickExport MagickBooleanType InterpolatePixelInfo(const Image *image, + assert(image->signature == MagickCoreSignature); + assert(image_view != (CacheView *) NULL); + status=MagickTrue; +- x_offset=CastDoubleToLong(floor(x)); +- y_offset=CastDoubleToLong(floor(y)); ++ x_offset=CastDoubleToSSizeT(floor(x)); ++ y_offset=CastDoubleToSSizeT(floor(y)); + interpolate=method; + if (interpolate == UndefinedInterpolatePixel) + interpolate=image->interpolate; +@@ -5522,8 +5522,8 @@ MagickExport MagickBooleanType InterpolatePixelInfo(const Image *image, + if (interpolate == Average9InterpolatePixel) + { + count=3; +- x_offset=CastDoubleToLong(floor(x+0.5)-1.0); +- y_offset=CastDoubleToLong(floor(y+0.5)-1.0); ++ x_offset=CastDoubleToSSizeT(floor(x+0.5)-1.0); ++ y_offset=CastDoubleToSSizeT(floor(y+0.5)-1.0); + } + else if (interpolate == Average16InterpolatePixel) + { +@@ -5847,8 +5847,8 @@ MagickExport MagickBooleanType InterpolatePixelInfo(const Image *image, + } + case NearestInterpolatePixel: + { +- x_offset=CastDoubleToLong(floor(x+0.5)); +- y_offset=CastDoubleToLong(floor(y+0.5)); ++ x_offset=CastDoubleToSSizeT(floor(x+0.5)); ++ y_offset=CastDoubleToSSizeT(floor(y+0.5)); + p=GetCacheViewVirtualPixels(image_view,x_offset,y_offset,1,1,exception); + if (p == (const Quantum *) NULL) + { +diff --git a/MagickCore/property.c b/MagickCore/property.c +index 1b42adaee..b13fa7a17 100644 +--- a/MagickCore/property.c ++++ b/MagickCore/property.c +@@ -4372,13 +4372,13 @@ MagickExport MagickBooleanType SetImageProperty(Image *image, + if ((flags & LessValue) != 0) + { + if ((double) image->delay < floor(geometry_info.rho+0.5)) +- image->delay=CastDoubleToLong( ++ image->delay=CastDoubleToSSizeT( + 
floor(geometry_info.sigma+0.5)); + } + else + image->delay=(size_t) floor(geometry_info.rho+0.5); + if ((flags & SigmaValue) != 0) +- image->ticks_per_second=CastDoubleToLong(floor( ++ image->ticks_per_second=CastDoubleToSSizeT(floor( + geometry_info.sigma+0.5)); + return(MagickTrue); + } +diff --git a/MagickCore/shear.c b/MagickCore/shear.c +index 05703ca34..62a98013e 100644 +--- a/MagickCore/shear.c ++++ b/MagickCore/shear.c +@@ -163,10 +163,10 @@ static MagickBooleanType CropToFitImage(Image **image, + if (max.y < extent[i].y) + max.y=extent[i].y; + } +- geometry.x=CastDoubleToLong(ceil(min.x-0.5)); +- geometry.y=CastDoubleToLong(ceil(min.y-0.5)); +- geometry.width=(size_t) CastDoubleToLong(floor(max.x-min.x+0.5)); +- geometry.height=(size_t) CastDoubleToLong(floor(max.y-min.y+0.5)); ++ geometry.x=CastDoubleToSSizeT(ceil(min.x-0.5)); ++ geometry.y=CastDoubleToSSizeT(ceil(min.y-0.5)); ++ geometry.width=(size_t) CastDoubleToSSizeT(floor(max.x-min.x+0.5)); ++ geometry.height=(size_t) CastDoubleToSSizeT(floor(max.y-min.y+0.5)); + page=(*image)->page; + (void) ParseAbsoluteGeometry("0x0+0+0",&(*image)->page); + crop_image=CropImage(*image,&geometry,exception); +@@ -1217,7 +1217,7 @@ static MagickBooleanType XShearImage(Image *image,const double degrees, + displacement*=(-1.0); + direction=LEFT; + } +- step=CastDoubleToLong(floor((double) displacement)); ++ step=CastDoubleToSSizeT(floor((double) displacement)); + area=(double) (displacement-step); + step++; + pixel=background; +@@ -1434,7 +1434,7 @@ static MagickBooleanType YShearImage(Image *image,const double degrees, + displacement*=(-1.0); + direction=UP; + } +- step=CastDoubleToLong(floor((double) displacement)); ++ step=CastDoubleToSSizeT(floor((double) displacement)); + area=(double) (displacement-step); + step++; + pixel=background; +@@ -1617,11 +1617,11 @@ MagickExport Image *ShearImage(const Image *image,const double x_shear, + /* + Compute image size. 
+ */ +- bounds.width=image->columns+CastDoubleToLong(floor(fabs(shear.x)* ++ bounds.width=image->columns+CastDoubleToSSizeT(floor(fabs(shear.x)* + image->rows+0.5)); +- bounds.x=CastDoubleToLong(ceil((double) image->columns+((fabs(shear.x)* ++ bounds.x=CastDoubleToSSizeT(ceil((double) image->columns+((fabs(shear.x)* + image->rows)-image->columns)/2.0-0.5)); +- bounds.y=CastDoubleToLong(ceil((double) image->rows+((fabs(shear.y)* ++ bounds.y=CastDoubleToSSizeT(ceil((double) image->rows+((fabs(shear.y)* + bounds.width)-image->rows)/2.0-0.5)); + /* + Surround image with border. +@@ -1770,9 +1770,9 @@ MagickExport Image *ShearRotateImage(const Image *image,const double degrees, + bounds.height=(size_t) floor(fabs((double) bounds.width*shear.y)+height+0.5); + shear_width=(size_t) floor(fabs((double) bounds.height*shear.x)+ + bounds.width+0.5); +- bounds.x=CastDoubleToLong(floor((double) ((shear_width > bounds.width) ? ++ bounds.x=CastDoubleToSSizeT(floor((double) ((shear_width > bounds.width) ? + width : bounds.width-shear_width+2)/2.0+0.5)); +- bounds.y=CastDoubleToLong(floor(((double) bounds.height-height+2)/2.0+0.5)); ++ bounds.y=CastDoubleToSSizeT(floor(((double) bounds.height-height+2)/2.0+0.5)); + /* + Surround image with a border. + */ +diff --git a/MagickCore/studio.h b/MagickCore/studio.h +index fbdcc2d00..a0e8a9a1a 100644 +--- a/MagickCore/studio.h ++++ b/MagickCore/studio.h +@@ -350,8 +350,6 @@ extern int vsnprintf(char *,size_t,const char *,va_list); + Magick defines. 
+ */ + #define MagickMaxRecursionDepth 600 +-#define MAGICK_SSIZE_MAX (SSIZE_MAX) +-#define MAGICK_SSIZE_MIN (-(SSIZE_MAX)-1) + #define Swap(x,y) ((x)^=(y), (y)^=(x), (x)^=(y)) + #if defined(_MSC_VER) + # define DisableMSCWarning(nr) __pragma(warning(push)) \ +diff --git a/MagickCore/transform.c b/MagickCore/transform.c +index 385d5eb68..6afe0a3de 100644 +--- a/MagickCore/transform.c ++++ b/MagickCore/transform.c +@@ -773,8 +773,8 @@ static inline ssize_t PixelRoundOffset(double x) + Round the fraction to nearest integer. + */ + if ((x-floor(x)) < (ceil(x)-x)) +- return(CastDoubleToLong(floor(x))); +- return(CastDoubleToLong(ceil(x))); ++ return(CastDoubleToSSizeT(floor(x))); ++ return(CastDoubleToSSizeT(ceil(x))); + } + + MagickExport Image *CropImageToTiles(const Image *image, +diff --git a/MagickCore/visual-effects.c b/MagickCore/visual-effects.c +index 789660231..069904a08 100644 +--- a/MagickCore/visual-effects.c ++++ b/MagickCore/visual-effects.c +@@ -1439,8 +1439,8 @@ static MagickBooleanType PlasmaImageProxy(Image *image,CacheView *image_view, + */ + depth--; + attenuate++; +- x_mid=CastDoubleToLong(ceil((segment->x1+segment->x2)/2-0.5)); +- y_mid=CastDoubleToLong(ceil((segment->y1+segment->y2)/2-0.5)); ++ x_mid=CastDoubleToSSizeT(ceil((segment->x1+segment->x2)/2-0.5)); ++ y_mid=CastDoubleToSSizeT(ceil((segment->y1+segment->y2)/2-0.5)); + local_info=(*segment); + local_info.x2=(double) x_mid; + local_info.y2=(double) y_mid; +@@ -1463,8 +1463,8 @@ static MagickBooleanType PlasmaImageProxy(Image *image,CacheView *image_view, + &local_info,attenuate,depth,exception); + return(status == 0 ? 
MagickFalse : MagickTrue); + } +- x_mid=CastDoubleToLong(ceil((segment->x1+segment->x2)/2-0.5)); +- y_mid=CastDoubleToLong(ceil((segment->y1+segment->y2)/2-0.5)); ++ x_mid=CastDoubleToSSizeT(ceil((segment->x1+segment->x2)/2-0.5)); ++ y_mid=CastDoubleToSSizeT(ceil((segment->y1+segment->y2)/2-0.5)); + if ((fabs(segment->x1-x_mid) < MagickEpsilon) && + (fabs(segment->x2-x_mid) < MagickEpsilon) && + (fabs(segment->y1-y_mid) < MagickEpsilon) && +@@ -1481,10 +1481,10 @@ static MagickBooleanType PlasmaImageProxy(Image *image,CacheView *image_view, + /* + Left pixel. + */ +- x=CastDoubleToLong(ceil(segment->x1-0.5)); +- u=GetCacheViewVirtualPixels(u_view,x,CastDoubleToLong(ceil( ++ x=CastDoubleToSSizeT(ceil(segment->x1-0.5)); ++ u=GetCacheViewVirtualPixels(u_view,x,CastDoubleToSSizeT(ceil( + segment->y1-0.5)),1,1,exception); +- v=GetCacheViewVirtualPixels(v_view,x,CastDoubleToLong(ceil( ++ v=GetCacheViewVirtualPixels(v_view,x,CastDoubleToSSizeT(ceil( + segment->y2-0.5)),1,1,exception); + q=QueueCacheViewAuthenticPixels(image_view,x,y_mid,1,1,exception); + if ((u == (const Quantum *) NULL) || (v == (const Quantum *) NULL) || +@@ -1504,10 +1504,10 @@ static MagickBooleanType PlasmaImageProxy(Image *image,CacheView *image_view, + /* + Right pixel. + */ +- x=CastDoubleToLong(ceil(segment->x2-0.5)); +- u=GetCacheViewVirtualPixels(u_view,x,CastDoubleToLong(ceil( ++ x=CastDoubleToSSizeT(ceil(segment->x2-0.5)); ++ u=GetCacheViewVirtualPixels(u_view,x,CastDoubleToSSizeT(ceil( + segment->y1-0.5)),1,1,exception); +- v=GetCacheViewVirtualPixels(v_view,x,CastDoubleToLong(ceil( ++ v=GetCacheViewVirtualPixels(v_view,x,CastDoubleToSSizeT(ceil( + segment->y2-0.5)),1,1,exception); + q=QueueCacheViewAuthenticPixels(image_view,x,y_mid,1,1,exception); + if ((u == (const Quantum *) NULL) || (v == (const Quantum *) NULL) || +@@ -1533,10 +1533,10 @@ static MagickBooleanType PlasmaImageProxy(Image *image,CacheView *image_view, + /* + Bottom pixel. 
+ */ +- y=CastDoubleToLong(ceil(segment->y2-0.5)); +- u=GetCacheViewVirtualPixels(u_view,CastDoubleToLong(ceil( ++ y=CastDoubleToSSizeT(ceil(segment->y2-0.5)); ++ u=GetCacheViewVirtualPixels(u_view,CastDoubleToSSizeT(ceil( + segment->x1-0.5)),y,1,1,exception); +- v=GetCacheViewVirtualPixels(v_view,CastDoubleToLong(ceil( ++ v=GetCacheViewVirtualPixels(v_view,CastDoubleToSSizeT(ceil( + segment->x2-0.5)),y,1,1,exception); + q=QueueCacheViewAuthenticPixels(image_view,x_mid,y,1,1,exception); + if ((u == (const Quantum *) NULL) || (v == (const Quantum *) NULL) || +@@ -1557,10 +1557,10 @@ static MagickBooleanType PlasmaImageProxy(Image *image,CacheView *image_view, + /* + Top pixel. + */ +- y=CastDoubleToLong(ceil(segment->y1-0.5)); +- u=GetCacheViewVirtualPixels(u_view,CastDoubleToLong(ceil( ++ y=CastDoubleToSSizeT(ceil(segment->y1-0.5)); ++ u=GetCacheViewVirtualPixels(u_view,CastDoubleToSSizeT(ceil( + segment->x1-0.5)),y,1,1,exception); +- v=GetCacheViewVirtualPixels(v_view,CastDoubleToLong(ceil( ++ v=GetCacheViewVirtualPixels(v_view,CastDoubleToSSizeT(ceil( + segment->x2-0.5)),y,1,1,exception); + q=QueueCacheViewAuthenticPixels(image_view,x_mid,y,1,1,exception); + if ((u == (const Quantum *) NULL) || (v == (const Quantum *) NULL) || +@@ -1583,11 +1583,11 @@ static MagickBooleanType PlasmaImageProxy(Image *image,CacheView *image_view, + /* + Middle pixel. 
+ */ +- x=CastDoubleToLong(ceil(segment->x1-0.5)); +- y=CastDoubleToLong(ceil(segment->y1-0.5)); ++ x=CastDoubleToSSizeT(ceil(segment->x1-0.5)); ++ y=CastDoubleToSSizeT(ceil(segment->y1-0.5)); + u=GetCacheViewVirtualPixels(u_view,x,y,1,1,exception); +- x=CastDoubleToLong(ceil(segment->x2-0.5)); +- y=CastDoubleToLong(ceil(segment->y2-0.5)); ++ x=CastDoubleToSSizeT(ceil(segment->x2-0.5)); ++ y=CastDoubleToSSizeT(ceil(segment->y2-0.5)); + v=GetCacheViewVirtualPixels(v_view,x,y,1,1,exception); + q=QueueCacheViewAuthenticPixels(image_view,x_mid,y_mid,1,1,exception); + if ((u == (const Quantum *) NULL) || (v == (const Quantum *) NULL) || +diff --git a/MagickWand/drawing-wand.c b/MagickWand/drawing-wand.c +index cc1fbc640..002798ba0 100644 +--- a/MagickWand/drawing-wand.c ++++ b/MagickWand/drawing-wand.c +@@ -4285,10 +4285,10 @@ WandExport MagickBooleanType DrawPushPattern(DrawingWand *wand, + x,y,width,height); + wand->indent_depth++; + wand->pattern_id=AcquireString(pattern_id); +- wand->pattern_bounds.x=CastDoubleToLong(ceil(x-0.5)); +- wand->pattern_bounds.y=CastDoubleToLong(ceil(y-0.5)); +- wand->pattern_bounds.width=(size_t) CastDoubleToLong(floor(width+0.5)); +- wand->pattern_bounds.height=(size_t) CastDoubleToLong(floor(height+0.5)); ++ wand->pattern_bounds.x=CastDoubleToSSizeT(ceil(x-0.5)); ++ wand->pattern_bounds.y=CastDoubleToSSizeT(ceil(y-0.5)); ++ wand->pattern_bounds.width=(size_t) CastDoubleToSSizeT(floor(width+0.5)); ++ wand->pattern_bounds.height=(size_t) CastDoubleToSSizeT(floor(height+0.5)); + wand->pattern_offset=wand->mvg_length; + return(MagickTrue); + } +diff --git a/MagickWand/studio.h b/MagickWand/studio.h +index 3dcb4d304..4daf7e894 100644 +--- a/MagickWand/studio.h ++++ b/MagickWand/studio.h +@@ -305,8 +305,6 @@ extern int vsnprintf(char *,size_t,const char *,va_list); + /* + Magick defines. 
+ */ +-#define MAGICK_SSIZE_MAX (SSIZE_MAX) +-#define MAGICK_SSIZE_MIN (-(SSIZE_MAX)-1) + #if defined(_MSC_VER) + # define DisableMSCWarning(nr) __pragma(warning(push)) \ + __pragma(warning(disable:nr)) +diff --git a/coders/histogram.c b/coders/histogram.c +index 0df364c12..15ee9772d 100644 +--- a/coders/histogram.c ++++ b/coders/histogram.c +@@ -295,7 +295,7 @@ static MagickBooleanType WriteHISTOGRAMImage(const ImageInfo *image_info, + break; + if ((GetPixelRedTraits(image) & UpdatePixelTrait) != 0) + { +- y=CastDoubleToLong(ceil((double) histogram_image->rows-scale* ++ y=CastDoubleToSSizeT(ceil((double) histogram_image->rows-scale* + histogram[x].red-0.5)); + r=q+y*GetPixelChannels(histogram_image); + for ( ; y < (ssize_t) histogram_image->rows; y++) +@@ -306,7 +306,7 @@ static MagickBooleanType WriteHISTOGRAMImage(const ImageInfo *image_info, + } + if ((GetPixelGreenTraits(image) & UpdatePixelTrait) != 0) + { +- y=CastDoubleToLong(ceil((double) histogram_image->rows-scale* ++ y=CastDoubleToSSizeT(ceil((double) histogram_image->rows-scale* + histogram[x].green-0.5)); + r=q+y*GetPixelChannels(histogram_image); + for ( ; y < (ssize_t) histogram_image->rows; y++) +@@ -317,7 +317,7 @@ static MagickBooleanType WriteHISTOGRAMImage(const ImageInfo *image_info, + } + if ((GetPixelBlueTraits(image) & UpdatePixelTrait) != 0) + { +- y=CastDoubleToLong(ceil((double) histogram_image->rows-scale* ++ y=CastDoubleToSSizeT(ceil((double) histogram_image->rows-scale* + histogram[x].blue-0.5)); + r=q+y*GetPixelChannels(histogram_image); + for ( ; y < (ssize_t) histogram_image->rows; y++) +diff --git a/coders/jpeg.c b/coders/jpeg.c +index db385358b..d779644ab 100644 +--- a/coders/jpeg.c ++++ b/coders/jpeg.c +@@ -2325,7 +2325,8 @@ static MagickBooleanType WriteJPEGImage_(const ImageInfo *image_info, + if (image->debug != MagickFalse) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), + "Image resolution: %.20g,%.20g",image->resolution.x,image->resolution.y); +- if 
((image->resolution.x != 0.0) && (image->resolution.y != 0.0)) ++ if ((image->resolution.x >= 0) && (image->resolution.x < (double) SHRT_MAX) && ++ (image->resolution.y >= 0) && (image->resolution.y < (double) SHRT_MAX)) + { + /* + Set image resolution. +diff --git a/coders/png.c b/coders/png.c +index e730edb03..6f88e9cdc 100644 +--- a/coders/png.c ++++ b/coders/png.c +@@ -10020,23 +10020,23 @@ static MagickBooleanType WriteOnePNGImage(MngInfo *mng_info, + { + ping_pHYs_unit_type=PNG_RESOLUTION_METER; + ping_pHYs_x_resolution= +- (png_uint_32) ((100.0*image->resolution.x+0.5)/2.54); ++ (png_uint_32) CastDoubleToSizeT((100.0*image->resolution.x+0.5)/2.54); + ping_pHYs_y_resolution= +- (png_uint_32) ((100.0*image->resolution.y+0.5)/2.54); ++ (png_uint_32) CastDoubleToSizeT((100.0*image->resolution.y+0.5)/2.54); + } + + else if (image->units == PixelsPerCentimeterResolution) + { + ping_pHYs_unit_type=PNG_RESOLUTION_METER; +- ping_pHYs_x_resolution=(png_uint_32) (100.0*image->resolution.x+0.5); +- ping_pHYs_y_resolution=(png_uint_32) (100.0*image->resolution.y+0.5); ++ ping_pHYs_x_resolution=(png_uint_32) CastDoubleToSizeT(100.0*image->resolution.x+0.5); ++ ping_pHYs_y_resolution=(png_uint_32) CastDoubleToSizeT(100.0*image->resolution.y+0.5); + } + + else + { + ping_pHYs_unit_type=PNG_RESOLUTION_UNKNOWN; +- ping_pHYs_x_resolution=(png_uint_32) image->resolution.x; +- ping_pHYs_y_resolution=(png_uint_32) image->resolution.y; ++ ping_pHYs_x_resolution=(png_uint_32) CastDoubleToSizeT(image->resolution.x); ++ ping_pHYs_y_resolution=(png_uint_32) CastDoubleToSizeT(image->resolution.y); + } + + if (logging != MagickFalse) +diff --git a/coders/tiff.c b/coders/tiff.c +index 68a6d5b09..a0bdd6313 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1506,9 +1506,9 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XPOSITION,&x_position,sans) == 1) && + (TIFFGetFieldDefaulted(tiff,TIFFTAG_YPOSITION,&y_position,sans) == 1)) + { +- 
image->page.x=CastDoubleToLong(ceil(x_position* ++ image->page.x=CastDoubleToSSizeT(ceil(x_position* + image->resolution.x-0.5)); +- image->page.y=CastDoubleToLong(ceil(y_position* ++ image->page.y=CastDoubleToSSizeT(ceil(y_position* + image->resolution.y-0.5)); + } + if (TIFFGetFieldDefaulted(tiff,TIFFTAG_ORIENTATION,&orientation,sans) == 1) +diff --git a/coders/txt.c b/coders/txt.c +index f8312a4fd..91323583d 100644 +--- a/coders/txt.c ++++ b/coders/txt.c +@@ -273,7 +273,7 @@ static Image *ReadTEXTImage(const ImageInfo *image_info, + draw_info=DestroyDrawInfo(draw_info); + ThrowReaderException(TypeError,"UnableToGetTypeMetrics"); + } +- page.y=CastDoubleToLong(ceil((double) page.y+metrics.ascent-0.5)); ++ page.y=CastDoubleToSSizeT(ceil((double) page.y+metrics.ascent-0.5)); + (void) FormatLocaleString(geometry,MagickPathExtent,"%gx%g%+g%+g",(double) + image->columns,(double) image->rows,(double) page.x,(double) page.y); + (void) CloneString(&draw_info->geometry,geometry); +@@ -574,7 +574,7 @@ static Image *ReadTXTImage(const ImageInfo *image_info,ExceptionInfo *exception) + black),range); + pixel.alpha=(MagickRealType) ScaleAnyToQuantum(CastDoubleToQuantumAny( + alpha),range); +- q=GetAuthenticPixels(image,CastDoubleToLong(x_offset),CastDoubleToLong( ++ q=GetAuthenticPixels(image,CastDoubleToSSizeT(x_offset),CastDoubleToSSizeT( + y_offset),1,1,exception); + if (q == (Quantum *) NULL) + { +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/files/0011-ImageMagick-Add-support-patch-3-to-fix-CVE-2023-3415.patch b/meta-oe/recipes-support/imagemagick/files/0011-ImageMagick-Add-support-patch-3-to-fix-CVE-2023-3415.patch new file mode 100644 index 0000000000..f96f5b3da9 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0011-ImageMagick-Add-support-patch-3-to-fix-CVE-2023-3415.patch 
@@ -0,0 +1,977 @@ +From 1743c78786aac899134a2b2484d802e6adde3ac4 Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore +Date: Tue, 2 Dec 2025 20:41:36 +0530 +Subject: [PATCH 17/18] ImageMagick: Add support patch 3 to fix CVE-2023-34151 + +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/4daec2d748cb2f7540ca0d3f694fb2384b0a5601] + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + MagickCore/annotate.c | 8 ++--- + MagickCore/draw.c | 60 +++++++++++++++---------------- + MagickCore/effect.c | 8 ++--- + MagickCore/gem.c | 2 +- + MagickCore/geometry.c | 18 +++++----- + MagickCore/image-private.h | 70 +++++++++++++++++++++++++------------ + MagickCore/image.c | 20 +++++------ + MagickCore/pixel.c | 36 +++++++++---------- + MagickCore/property.c | 4 +-- + MagickCore/shear.c | 22 ++++++------ + MagickCore/transform.c | 4 +-- + MagickCore/visual-effects.c | 40 ++++++++++----------- + MagickWand/drawing-wand.c | 8 ++--- + coders/histogram.c | 6 ++-- + coders/icon.c | 1 + + coders/pcl.c | 4 +-- + coders/tiff.c | 4 +-- + coders/txt.c | 4 +-- + configure | 8 ++--- + 19 files changed, 177 insertions(+), 150 deletions(-) + +diff --git a/MagickCore/annotate.c b/MagickCore/annotate.c +index 14f8d05d8..4be938be5 100644 +--- a/MagickCore/annotate.c ++++ b/MagickCore/annotate.c +@@ -1734,8 +1734,8 @@ static MagickBooleanType RenderFreetype(Image *image,const DrawInfo *draw_info, + + if (status == MagickFalse) + continue; +- x_offset=CastDoubleToSSizeT(ceil(point.x-0.5)); +- y_offset=CastDoubleToSSizeT(ceil(point.y+y-0.5)); ++ x_offset=CastDoubleToLong(ceil(point.x-0.5)); ++ y_offset=CastDoubleToLong(ceil(point.y+y-0.5)); + if ((y_offset < 0) || (y_offset >= (ssize_t) image->rows)) + continue; + q=(Quantum *) NULL; +@@ -1750,7 +1750,7 @@ static MagickBooleanType RenderFreetype(Image *image,const DrawInfo *draw_info, + n=y*bitmap->bitmap.pitch; + for (x=0; x < (ssize_t) bitmap->bitmap.width; x++, n++) + { +- 
x_offset=CastDoubleToSSizeT(ceil(point.x+x-0.5)); ++ x_offset=CastDoubleToLong(ceil(point.x+x-0.5)); + if ((x_offset < 0) || (x_offset >= (ssize_t) image->columns)) + { + if (q != (Quantum *) NULL) +@@ -2102,7 +2102,7 @@ static MagickBooleanType RenderPostscript(Image *image, + crop_info=GetImageBoundingBox(annotate_image,exception); + crop_info.height=(size_t) ((resolution.y/DefaultResolution)* + ExpandAffine(&draw_info->affine)*draw_info->pointsize+0.5); +- crop_info.y=CastDoubleToSSizeT(ceil((resolution.y/DefaultResolution)* ++ crop_info.y=CastDoubleToLong(ceil((resolution.y/DefaultResolution)* + extent.y/8.0-0.5)); + (void) FormatLocaleString(geometry,MagickPathExtent, + "%.20gx%.20g%+.20g%+.20g",(double) crop_info.width,(double) +diff --git a/MagickCore/draw.c b/MagickCore/draw.c +index 02df7d231..facea115e 100644 +--- a/MagickCore/draw.c ++++ b/MagickCore/draw.c +@@ -1233,8 +1233,8 @@ MagickExport MagickBooleanType DrawAffineImage(Image *image, + edge.y2=MagickMin(max.y,(double) image->rows-1.0); + inverse_affine=InverseAffineMatrix(affine); + GetPixelInfo(image,&zero); +- start=CastDoubleToSSizeT(ceil(edge.y1-0.5)); +- stop=CastDoubleToSSizeT(floor(edge.y2+0.5)); ++ start=CastDoubleToLong(ceil(edge.y1-0.5)); ++ stop=CastDoubleToLong(floor(edge.y2+0.5)); + source_view=AcquireVirtualCacheView(source,exception); + image_view=AcquireAuthenticCacheView(image,exception); + #if defined(MAGICKCORE_OPENMP_SUPPORT) +@@ -1267,16 +1267,16 @@ MagickExport MagickBooleanType DrawAffineImage(Image *image, + inverse_edge=AffineEdge(source,&inverse_affine,(double) y,&edge); + if (inverse_edge.x2 < inverse_edge.x1) + continue; +- q=GetCacheViewAuthenticPixels(image_view,CastDoubleToSSizeT( +- ceil(inverse_edge.x1-0.5)),y,(size_t) CastDoubleToSSizeT(floor( ++ q=GetCacheViewAuthenticPixels(image_view,CastDoubleToLong( ++ ceil(inverse_edge.x1-0.5)),y,(size_t) CastDoubleToLong(floor( + inverse_edge.x2+0.5)-ceil(inverse_edge.x1-0.5)+1),1,exception); + if (q == (Quantum *) NULL) + 
continue; + pixel=zero; + composite=zero; + x_offset=0; +- for (x=CastDoubleToSSizeT(ceil(inverse_edge.x1-0.5)); +- x <= CastDoubleToSSizeT(floor(inverse_edge.x2+0.5)); x++) ++ for (x=CastDoubleToLong(ceil(inverse_edge.x1-0.5)); ++ x <= CastDoubleToLong(floor(inverse_edge.x2+0.5)); x++) + { + point.x=(double) x*inverse_affine.sx+y*inverse_affine.ry+ + inverse_affine.tx; +@@ -2090,8 +2090,8 @@ MagickExport MagickBooleanType DrawGradientImage(Image *image, + case UndefinedSpread: + case PadSpread: + { +- if ((x != CastDoubleToSSizeT(ceil(gradient_vector->x1-0.5))) || +- (y != CastDoubleToSSizeT(ceil(gradient_vector->y1-0.5)))) ++ if ((x != CastDoubleToLong(ceil(gradient_vector->x1-0.5))) || ++ (y != CastDoubleToLong(ceil(gradient_vector->y1-0.5)))) + { + offset=GetStopColorOffset(gradient,x,y); + if (gradient->type != RadialGradient) +@@ -2118,8 +2118,8 @@ MagickExport MagickBooleanType DrawGradientImage(Image *image, + } + case ReflectSpread: + { +- if ((x != CastDoubleToSSizeT(ceil(gradient_vector->x1-0.5))) || +- (y != CastDoubleToSSizeT(ceil(gradient_vector->y1-0.5)))) ++ if ((x != CastDoubleToLong(ceil(gradient_vector->x1-0.5))) || ++ (y != CastDoubleToLong(ceil(gradient_vector->y1-0.5)))) + { + offset=GetStopColorOffset(gradient,x,y); + if (gradient->type != RadialGradient) +@@ -2160,8 +2160,8 @@ MagickExport MagickBooleanType DrawGradientImage(Image *image, + + antialias=MagickFalse; + repeat=0.0; +- if ((x != CastDoubleToSSizeT(ceil(gradient_vector->x1-0.5))) || +- (y != CastDoubleToSSizeT(ceil(gradient_vector->y1-0.5)))) ++ if ((x != CastDoubleToLong(ceil(gradient_vector->x1-0.5))) || ++ (y != CastDoubleToLong(ceil(gradient_vector->y1-0.5)))) + { + offset=GetStopColorOffset(gradient,x,y); + if (gradient->type == LinearGradient) +@@ -3457,21 +3457,21 @@ static MagickBooleanType RenderMVGContent(Image *image, + (void) GetNextToken(q,&q,extent,token); + (void) CopyMagickString(name,token,MagickPathExtent); + (void) GetNextToken(q,&q,extent,token); +- 
bounds.x=CastDoubleToSSizeT(ceil(GetDrawValue(token, ++ bounds.x=CastDoubleToLong(ceil(GetDrawValue(token, + &next_token)-0.5)); + if (token == next_token) + ThrowPointExpectedException(token,exception); + (void) GetNextToken(q,&q,extent,token); + if (*token == ',') + (void) GetNextToken(q,&q,extent,token); +- bounds.y=CastDoubleToSSizeT(ceil(GetDrawValue(token, ++ bounds.y=CastDoubleToLong(ceil(GetDrawValue(token, + &next_token)-0.5)); + if (token == next_token) + ThrowPointExpectedException(token,exception); + (void) GetNextToken(q,&q,extent,token); + if (*token == ',') + (void) GetNextToken(q,&q,extent,token); +- bounds.width=(size_t) CastDoubleToSSizeT(floor(GetDrawValue( ++ bounds.width=(size_t) CastDoubleToLong(floor(GetDrawValue( + token,&next_token)+0.5)); + if (token == next_token) + ThrowPointExpectedException(token,exception); +@@ -3882,28 +3882,28 @@ static MagickBooleanType RenderMVGContent(Image *image, + if (LocaleCompare("viewbox",keyword) == 0) + { + (void) GetNextToken(q,&q,extent,token); +- graphic_context[n]->viewbox.x=CastDoubleToSSizeT(ceil( ++ graphic_context[n]->viewbox.x=CastDoubleToLong(ceil( + GetDrawValue(token,&next_token)-0.5)); + if (token == next_token) + ThrowPointExpectedException(token,exception); + (void) GetNextToken(q,&q,extent,token); + if (*token == ',') + (void) GetNextToken(q,&q,extent,token); +- graphic_context[n]->viewbox.y=CastDoubleToSSizeT(ceil( ++ graphic_context[n]->viewbox.y=CastDoubleToLong(ceil( + GetDrawValue(token,&next_token)-0.5)); + if (token == next_token) + ThrowPointExpectedException(token,exception); + (void) GetNextToken(q,&q,extent,token); + if (*token == ',') + (void) GetNextToken(q,&q,extent,token); +- graphic_context[n]->viewbox.width=(size_t) CastDoubleToSSizeT( ++ graphic_context[n]->viewbox.width=(size_t) CastDoubleToLong( + floor(GetDrawValue(token,&next_token)+0.5)); + if (token == next_token) + ThrowPointExpectedException(token,exception); + (void) GetNextToken(q,&q,extent,token); + if (*token 
== ',') + (void) GetNextToken(q,&q,extent,token); +- graphic_context[n]->viewbox.height=(size_t) CastDoubleToSSizeT( ++ graphic_context[n]->viewbox.height=(size_t) CastDoubleToLong( + floor(GetDrawValue(token,&next_token)+0.5)); + if (token == next_token) + ThrowPointExpectedException(token,exception); +@@ -5017,8 +5017,8 @@ static MagickBooleanType DrawPolygonPrimitive(Image *image, + GetPixelInfo(image,&pixel); + for ( ; x <= stop_x; x++) + { +- if ((x == CastDoubleToSSizeT(ceil(primitive_info->point.x-0.5))) && +- (y == CastDoubleToSSizeT(ceil(primitive_info->point.y-0.5)))) ++ if ((x == CastDoubleToLong(ceil(primitive_info->point.x-0.5))) && ++ (y == CastDoubleToLong(ceil(primitive_info->point.y-0.5)))) + { + GetFillColor(draw_info,x-start_x,y-start_y,&pixel,exception); + SetPixelViaPixelInfo(image,&pixel,q); +@@ -5164,8 +5164,8 @@ static void LogPrimitiveInfo(const PrimitiveInfo *primitive_info) + coordinates, + y; + +- x=CastDoubleToSSizeT(ceil(primitive_info->point.x-0.5)); +- y=CastDoubleToSSizeT(ceil(primitive_info->point.y-0.5)); ++ x=CastDoubleToLong(ceil(primitive_info->point.x-0.5)); ++ y=CastDoubleToLong(ceil(primitive_info->point.y-0.5)); + switch (primitive_info->primitive) + { + case AlphaPrimitive: +@@ -5278,8 +5278,8 @@ MagickExport MagickBooleanType DrawPrimitive(Image *image, + status&=SetImageMask(image,CompositePixelMask,draw_info->composite_mask, + exception); + } +- x=CastDoubleToSSizeT(ceil(primitive_info->point.x-0.5)); +- y=CastDoubleToSSizeT(ceil(primitive_info->point.y-0.5)); ++ x=CastDoubleToLong(ceil(primitive_info->point.x-0.5)); ++ y=CastDoubleToLong(ceil(primitive_info->point.y-0.5)); + image_view=AcquireAuthenticCacheView(image,exception); + switch (primitive_info->primitive) + { +@@ -5557,8 +5557,8 @@ MagickExport MagickBooleanType DrawPrimitive(Image *image, + composite_images=DestroyImageList(composite_images); + (void) SetImageProgressMonitor(composite_image,(MagickProgressMonitor) + NULL,(void *) NULL); +- 
x1=CastDoubleToSSizeT(ceil(primitive_info[1].point.x-0.5)); +- y1=CastDoubleToSSizeT(ceil(primitive_info[1].point.y-0.5)); ++ x1=CastDoubleToLong(ceil(primitive_info[1].point.x-0.5)); ++ y1=CastDoubleToLong(ceil(primitive_info[1].point.y-0.5)); + if (((x1 != 0L) && (x1 != (ssize_t) composite_image->columns)) || + ((y1 != 0L) && (y1 != (ssize_t) composite_image->rows))) + { +@@ -6167,7 +6167,7 @@ static MagickBooleanType TraceArcPath(MVGInfo *mvg_info,const PointInfo start, + else + if ((theta > 0.0) && (sweep == MagickFalse)) + theta-=2.0*MagickPI; +- arc_segments=(size_t) CastDoubleToSSizeT(ceil(fabs((double) (theta/(0.5* ++ arc_segments=(size_t) CastDoubleToLong(ceil(fabs((double) (theta/(0.5* + MagickPI+MagickEpsilon))))); + status=MagickTrue; + p=primitive_info; +@@ -7517,7 +7517,7 @@ static PrimitiveInfo *TraceStrokePolygon(const DrawInfo *draw_info, + theta.q=atan2(box_q[2].y-center.y,box_q[2].x-center.x); + if (theta.q < theta.p) + theta.q+=2.0*MagickPI; +- arc_segments=(size_t) CastDoubleToSSizeT(ceil((double) ((theta. ++ arc_segments=(size_t) CastDoubleToLong(ceil((double) ((theta. 
+ q-theta.p)/(2.0*sqrt(PerceptibleReciprocal(mid)))))); + CheckPathExtent(MaxStrokePad,arc_segments+MaxStrokePad); + stroke_q[q].x=box_q[1].x; +@@ -7590,7 +7590,7 @@ static PrimitiveInfo *TraceStrokePolygon(const DrawInfo *draw_info, + theta.q=atan2(box_p[2].y-center.y,box_p[2].x-center.x); + if (theta.p < theta.q) + theta.p+=2.0*MagickPI; +- arc_segments=(size_t) CastDoubleToSSizeT(ceil((double) ((theta.p- ++ arc_segments=(size_t) CastDoubleToLong(ceil((double) ((theta.p- + theta.q)/(2.0*sqrt((double) (1.0/mid)))))); + CheckPathExtent(arc_segments+MaxStrokePad,MaxStrokePad); + stroke_p[p++]=box_p[1]; +diff --git a/MagickCore/effect.c b/MagickCore/effect.c +index a37a1999e..bfb1363f2 100644 +--- a/MagickCore/effect.c ++++ b/MagickCore/effect.c +@@ -288,7 +288,7 @@ MagickExport Image *AdaptiveBlurImage(const Image *image,const double radius, + center, + j; + +- j=CastDoubleToSSizeT(ceil((double) width*(1.0-QuantumScale* ++ j=CastDoubleToLong(ceil((double) width*(1.0-QuantumScale* + GetPixelIntensity(edge_image,r))-0.5)); + if (j < 0) + j=0; +@@ -609,7 +609,7 @@ MagickExport Image *AdaptiveSharpenImage(const Image *image,const double radius, + center, + j; + +- j=CastDoubleToSSizeT(ceil((double) width*(1.0-QuantumScale* ++ j=CastDoubleToLong(ceil((double) width*(1.0-QuantumScale* + GetPixelIntensity(edge_image,r))-0.5)); + if (j < 0) + j=0; +@@ -2402,9 +2402,9 @@ MagickExport Image *MotionBlurImage(const Image *image,const double radius, + point.y=(double) width*cos(DegreesToRadians(angle)); + for (i=0; i < (ssize_t) width; i++) + { +- offset[i].x=CastDoubleToSSizeT(ceil((double) (i*point.y)/ ++ offset[i].x=CastDoubleToLong(ceil((double) (i*point.y)/ + hypot(point.x,point.y)-0.5)); +- offset[i].y=CastDoubleToSSizeT(ceil((double) (i*point.x)/ ++ offset[i].y=CastDoubleToLong(ceil((double) (i*point.x)/ + hypot(point.x,point.y)-0.5)); + } + /* +diff --git a/MagickCore/gem.c b/MagickCore/gem.c +index 4eb8c3fc5..2c5911f67 100644 +--- a/MagickCore/gem.c ++++ 
b/MagickCore/gem.c +@@ -692,7 +692,7 @@ MagickPrivate void ConvertHWBToRGB(const double hue,const double whiteness, + *blue=QuantumRange*v; + return; + } +- i=CastDoubleToSSizeT(floor(6.0*hue)); ++ i=CastDoubleToLong(floor(6.0*hue)); + f=6.0*hue-i; + if ((i & 0x01) != 0) + f=1.0-f; +diff --git a/MagickCore/geometry.c b/MagickCore/geometry.c +index dd46a96fc..e9a5981bd 100644 +--- a/MagickCore/geometry.c ++++ b/MagickCore/geometry.c +@@ -241,7 +241,7 @@ MagickExport MagickStatusType GetGeometry(const char *geometry,ssize_t *x, + if (LocaleNCompare(p,"0x",2) == 0) + *width=(size_t) strtol(p,&p,10); + else +- *width=CastDoubleToSizeT(StringToDouble(p,&p)); ++ *width=CastDoubleToUnsigned(StringToDouble(p,&p)); + } + if (p != q) + flags|=WidthValue; +@@ -260,7 +260,7 @@ MagickExport MagickStatusType GetGeometry(const char *geometry,ssize_t *x, + */ + q=p; + if (height != (size_t *) NULL) +- *height=CastDoubleToSizeT(StringToDouble(p,&p)); ++ *height=CastDoubleToUnsigned(StringToDouble(p,&p)); + if (p != q) + flags|=HeightValue; + } +@@ -279,7 +279,7 @@ MagickExport MagickStatusType GetGeometry(const char *geometry,ssize_t *x, + } + q=p; + if (x != (ssize_t *) NULL) +- *x=CastDoubleToSSizeT(StringToDouble(p,&p)); ++ *x=CastDoubleToLong(StringToDouble(p,&p)); + if (p != q) + { + flags|=XValue; +@@ -300,7 +300,7 @@ MagickExport MagickStatusType GetGeometry(const char *geometry,ssize_t *x, + } + q=p; + if (y != (ssize_t *) NULL) +- *y=CastDoubleToSSizeT(StringToDouble(p,&p)); ++ *y=CastDoubleToLong(StringToDouble(p,&p)); + if (p != q) + { + flags|=YValue; +@@ -1285,8 +1285,8 @@ MagickExport MagickStatusType ParseGravityGeometry(const Image *image, + scale.y=geometry_info.sigma; + if ((status & SigmaValue) == 0) + scale.y=scale.x; +- region_info->width=CastDoubleToSizeT(scale.x*image->columns/100.0); +- region_info->height=CastDoubleToSizeT(scale.y*image->rows/100.0); ++ region_info->width=CastDoubleToUnsigned(scale.x*image->columns/100.0); ++ 
region_info->height=CastDoubleToUnsigned(scale.y*image->rows/100.0); + } + if ((flags & AspectRatioValue) != 0) + { +@@ -1308,12 +1308,12 @@ MagickExport MagickStatusType ParseGravityGeometry(const Image *image, + if (geometry_ratio >= image_ratio) + { + region_info->width=image->columns; +- region_info->height=CastDoubleToSizeT((double) image->rows*image_ratio/ ++ region_info->height=CastDoubleToUnsigned((double) image->rows*image_ratio/ + geometry_ratio); + } + else + { +- region_info->width=CastDoubleToSizeT((double) image->columns* ++ region_info->width=CastDoubleToUnsigned((double) image->columns* + geometry_ratio/image_ratio); + region_info->height=image->rows; + } +@@ -1450,7 +1450,7 @@ MagickExport MagickStatusType ParseMetaGeometry(const char *geometry,ssize_t *x, + } + else + { +- *width=CastDoubleToSizeT(PerceptibleReciprocal( ++ *width=CastDoubleToUnsigned(PerceptibleReciprocal( + image_ratio)*former_width*geometry_ratio); + *height=former_height; + } +diff --git a/MagickCore/image-private.h b/MagickCore/image-private.h +index 694c19d54..8ce0208d5 100644 +--- a/MagickCore/image-private.h ++++ b/MagickCore/image-private.h +@@ -53,40 +53,66 @@ extern "C" { + #define UndefinedCompressionQuality 0UL + #define UndefinedTicksPerSecond 100L + +-static inline QuantumAny CastDoubleToQuantumAny(const double x) ++static inline ssize_t CastDoubleToLong(const double x) + { + if (IsNaN(x) != 0) +- return(0); +- if (x > ((double) ((QuantumAny) ~0))) +- return((QuantumAny) ~0); +- if (x < 0.0) +- return(0.0); +- return((QuantumAny) (x+0.5)); ++ { ++ errno=ERANGE; ++ return(0); ++ } ++ if (floor(x) > ((double) MAGICK_SSIZE_MAX-1)) ++ { ++ errno=ERANGE; ++ return((ssize_t) MAGICK_SSIZE_MAX); ++ } ++ if (ceil(x) < ((double) MAGICK_SSIZE_MIN+1)) ++ { ++ errno=ERANGE; ++ return((ssize_t) MAGICK_SSIZE_MIN); ++ } ++ return((ssize_t) x); + } + +-static inline size_t CastDoubleToSizeT(const double x) ++static inline QuantumAny CastDoubleToQuantumAny(const double x) + { + if 
(IsNaN(x) != 0) +- return(0); +- if (x > ((double) MAGICK_SIZE_MAX+0.5)) +- return((size_t) MAGICK_SIZE_MAX); +- return((size_t) floor(x+0.5)); ++ { ++ errno=ERANGE; ++ return(0); ++ } ++ if (x > ((double) ((QuantumAny) ~0))) ++ { ++ errno=ERANGE; ++ return((QuantumAny) ~0); ++ } ++ if (x < 0.0) ++ { ++ errno=ERANGE; ++ return((QuantumAny) 0); ++ } ++ return((QuantumAny) (x+0.5)); + } + +-static inline ssize_t CastDoubleToSSizeT(const double x) ++static inline size_t CastDoubleToUnsigned(const double x) + { + if (IsNaN(x) != 0) +- return(0); +- if (x > ((double) MAGICK_SSIZE_MAX+0.5)) +- return((ssize_t) MAGICK_SSIZE_MAX); +- if (x < ((double) MAGICK_SSIZE_MIN-0.5)) +- return((ssize_t) MAGICK_SSIZE_MIN); +- if (x >= 0.0) +- return((ssize_t) floor(x+0.5)); +- return((ssize_t) ceil(x-0.5)); ++ { ++ errno=ERANGE; ++ return(0); ++ } ++ if (floor(x) > ((double) MAGICK_SSIZE_MAX-1)) ++ { ++ errno=ERANGE; ++ return((size_t) MAGICK_SIZE_MAX); ++ } ++ if (ceil(x) < 0.0) ++ { ++ errno=ERANGE; ++ return(0); ++ } ++ return((size_t) x); + } + +- + static inline double DegreesToRadians(const double degrees) + { + return((double) (MagickPI*degrees/180.0)); +diff --git a/MagickCore/image.c b/MagickCore/image.c +index 7b8caa0d2..3e6fdd114 100644 +--- a/MagickCore/image.c ++++ b/MagickCore/image.c +@@ -282,21 +282,21 @@ MagickExport Image *AcquireImage(const ImageInfo *image_info, + if ((flags & GreaterValue) != 0) + { + if ((double) image->delay > floor(geometry_info.rho+0.5)) +- image->delay=(size_t) CastDoubleToSSizeT(floor( ++ image->delay=(size_t) CastDoubleToLong(floor( + geometry_info.rho+0.5)); + } + else + if ((flags & LessValue) != 0) + { + if ((double) image->delay < floor(geometry_info.rho+0.5)) +- image->ticks_per_second=CastDoubleToSSizeT(floor( ++ image->ticks_per_second=CastDoubleToLong(floor( + geometry_info.sigma+0.5)); + } + else +- image->delay=(size_t) CastDoubleToSSizeT(floor( ++ image->delay=(size_t) CastDoubleToLong(floor( + geometry_info.rho+0.5)); + if 
((flags & SigmaValue) != 0) +- image->ticks_per_second=CastDoubleToSSizeT(floor( ++ image->ticks_per_second=CastDoubleToLong(floor( + geometry_info.sigma+0.5)); + } + option=GetImageOption(image_info,"dispose"); +@@ -881,18 +881,18 @@ MagickExport Image *CloneImage(const Image *image,const size_t columns, + scale=1.0; + if (image->columns != 0) + scale=(double) columns/(double) image->columns; +- clone_image->page.width=(size_t) CastDoubleToSSizeT(floor(scale* ++ clone_image->page.width=(size_t) CastDoubleToLong(floor(scale* + image->page.width+0.5)); +- clone_image->page.x=CastDoubleToSSizeT(ceil(scale*image->page.x-0.5)); +- clone_image->tile_offset.x=CastDoubleToSSizeT(ceil(scale* ++ clone_image->page.x=CastDoubleToLong(ceil(scale*image->page.x-0.5)); ++ clone_image->tile_offset.x=CastDoubleToLong(ceil(scale* + image->tile_offset.x-0.5)); + scale=1.0; + if (image->rows != 0) + scale=(double) rows/(double) image->rows; +- clone_image->page.height=(size_t) CastDoubleToSSizeT(floor(scale* ++ clone_image->page.height=(size_t) CastDoubleToLong(floor(scale* + image->page.height+0.5)); +- clone_image->page.y=CastDoubleToSSizeT(ceil(scale*image->page.y-0.5)); +- clone_image->tile_offset.y=CastDoubleToSSizeT(ceil(scale* ++ clone_image->page.y=CastDoubleToLong(ceil(scale*image->page.y-0.5)); ++ clone_image->tile_offset.y=CastDoubleToLong(ceil(scale* + image->tile_offset.y-0.5)); + clone_image->cache=ClonePixelCache(image->cache); + if (SetImageExtent(clone_image,columns,rows,exception) == MagickFalse) +diff --git a/MagickCore/pixel.c b/MagickCore/pixel.c +index c2aea7c1d..5c1c5296f 100644 +--- a/MagickCore/pixel.c ++++ b/MagickCore/pixel.c +@@ -4515,8 +4515,8 @@ MagickExport MagickBooleanType InterpolatePixelChannel( + status=MagickTrue; + *pixel=0.0; + traits=GetPixelChannelTraits(image,channel); +- x_offset=CastDoubleToSSizeT(floor(x)); +- y_offset=CastDoubleToSSizeT(floor(y)); ++ x_offset=CastDoubleToLong(floor(x)); ++ y_offset=CastDoubleToLong(floor(y)); + 
interpolate=method; + if (interpolate == UndefinedInterpolatePixel) + interpolate=image->interpolate; +@@ -4533,8 +4533,8 @@ MagickExport MagickBooleanType InterpolatePixelChannel( + if (interpolate == Average9InterpolatePixel) + { + count=3; +- x_offset=CastDoubleToSSizeT(floor(x+0.5)-1.0); +- y_offset=CastDoubleToSSizeT(floor(y+0.5)-1.0); ++ x_offset=CastDoubleToLong(floor(x+0.5)-1.0); ++ y_offset=CastDoubleToLong(floor(y+0.5)-1.0); + } + else + if (interpolate == Average16InterpolatePixel) +@@ -4717,8 +4717,8 @@ MagickExport MagickBooleanType InterpolatePixelChannel( + } + case NearestInterpolatePixel: + { +- x_offset=CastDoubleToSSizeT(floor(x+0.5)); +- y_offset=CastDoubleToSSizeT(floor(y+0.5)); ++ x_offset=CastDoubleToLong(floor(x+0.5)); ++ y_offset=CastDoubleToLong(floor(y+0.5)); + p=GetCacheViewVirtualPixels(image_view,x_offset,y_offset,1,1,exception); + if (p == (const Quantum *) NULL) + { +@@ -4935,8 +4935,8 @@ MagickExport MagickBooleanType InterpolatePixelChannels( + assert(source->signature == MagickCoreSignature); + assert(source_view != (CacheView *) NULL); + status=MagickTrue; +- x_offset=CastDoubleToSSizeT(floor(x)); +- y_offset=CastDoubleToSSizeT(floor(y)); ++ x_offset=CastDoubleToLong(floor(x)); ++ y_offset=CastDoubleToLong(floor(y)); + interpolate=method; + if (interpolate == UndefinedInterpolatePixel) + interpolate=source->interpolate; +@@ -4953,8 +4953,8 @@ MagickExport MagickBooleanType InterpolatePixelChannels( + if (interpolate == Average9InterpolatePixel) + { + count=3; +- x_offset=CastDoubleToSSizeT(floor(x+0.5)-1.0); +- y_offset=CastDoubleToSSizeT(floor(y+0.5)-1.0); ++ x_offset=CastDoubleToLong(floor(x+0.5)-1.0); ++ y_offset=CastDoubleToLong(floor(y+0.5)-1.0); + } + else + if (interpolate == Average16InterpolatePixel) +@@ -5218,8 +5218,8 @@ MagickExport MagickBooleanType InterpolatePixelChannels( + } + case NearestInterpolatePixel: + { +- x_offset=CastDoubleToSSizeT(floor(x+0.5)); +- y_offset=CastDoubleToSSizeT(floor(y+0.5)); ++ 
x_offset=CastDoubleToLong(floor(x+0.5)); ++ y_offset=CastDoubleToLong(floor(y+0.5)); + p=GetCacheViewVirtualPixels(source_view,x_offset,y_offset,1,1,exception); + if (p == (const Quantum *) NULL) + { +@@ -5502,8 +5502,8 @@ MagickExport MagickBooleanType InterpolatePixelInfo(const Image *image, + assert(image->signature == MagickCoreSignature); + assert(image_view != (CacheView *) NULL); + status=MagickTrue; +- x_offset=CastDoubleToSSizeT(floor(x)); +- y_offset=CastDoubleToSSizeT(floor(y)); ++ x_offset=CastDoubleToLong(floor(x)); ++ y_offset=CastDoubleToLong(floor(y)); + interpolate=method; + if (interpolate == UndefinedInterpolatePixel) + interpolate=image->interpolate; +@@ -5522,8 +5522,8 @@ MagickExport MagickBooleanType InterpolatePixelInfo(const Image *image, + if (interpolate == Average9InterpolatePixel) + { + count=3; +- x_offset=CastDoubleToSSizeT(floor(x+0.5)-1.0); +- y_offset=CastDoubleToSSizeT(floor(y+0.5)-1.0); ++ x_offset=CastDoubleToLong(floor(x+0.5)-1.0); ++ y_offset=CastDoubleToLong(floor(y+0.5)-1.0); + } + else if (interpolate == Average16InterpolatePixel) + { +@@ -5847,8 +5847,8 @@ MagickExport MagickBooleanType InterpolatePixelInfo(const Image *image, + } + case NearestInterpolatePixel: + { +- x_offset=CastDoubleToSSizeT(floor(x+0.5)); +- y_offset=CastDoubleToSSizeT(floor(y+0.5)); ++ x_offset=CastDoubleToLong(floor(x+0.5)); ++ y_offset=CastDoubleToLong(floor(y+0.5)); + p=GetCacheViewVirtualPixels(image_view,x_offset,y_offset,1,1,exception); + if (p == (const Quantum *) NULL) + { +diff --git a/MagickCore/property.c b/MagickCore/property.c +index b13fa7a17..1b42adaee 100644 +--- a/MagickCore/property.c ++++ b/MagickCore/property.c +@@ -4372,13 +4372,13 @@ MagickExport MagickBooleanType SetImageProperty(Image *image, + if ((flags & LessValue) != 0) + { + if ((double) image->delay < floor(geometry_info.rho+0.5)) +- image->delay=CastDoubleToSSizeT( ++ image->delay=CastDoubleToLong( + floor(geometry_info.sigma+0.5)); + } + else + image->delay=(size_t) 
floor(geometry_info.rho+0.5); + if ((flags & SigmaValue) != 0) +- image->ticks_per_second=CastDoubleToSSizeT(floor( ++ image->ticks_per_second=CastDoubleToLong(floor( + geometry_info.sigma+0.5)); + return(MagickTrue); + } +diff --git a/MagickCore/shear.c b/MagickCore/shear.c +index 62a98013e..05703ca34 100644 +--- a/MagickCore/shear.c ++++ b/MagickCore/shear.c +@@ -163,10 +163,10 @@ static MagickBooleanType CropToFitImage(Image **image, + if (max.y < extent[i].y) + max.y=extent[i].y; + } +- geometry.x=CastDoubleToSSizeT(ceil(min.x-0.5)); +- geometry.y=CastDoubleToSSizeT(ceil(min.y-0.5)); +- geometry.width=(size_t) CastDoubleToSSizeT(floor(max.x-min.x+0.5)); +- geometry.height=(size_t) CastDoubleToSSizeT(floor(max.y-min.y+0.5)); ++ geometry.x=CastDoubleToLong(ceil(min.x-0.5)); ++ geometry.y=CastDoubleToLong(ceil(min.y-0.5)); ++ geometry.width=(size_t) CastDoubleToLong(floor(max.x-min.x+0.5)); ++ geometry.height=(size_t) CastDoubleToLong(floor(max.y-min.y+0.5)); + page=(*image)->page; + (void) ParseAbsoluteGeometry("0x0+0+0",&(*image)->page); + crop_image=CropImage(*image,&geometry,exception); +@@ -1217,7 +1217,7 @@ static MagickBooleanType XShearImage(Image *image,const double degrees, + displacement*=(-1.0); + direction=LEFT; + } +- step=CastDoubleToSSizeT(floor((double) displacement)); ++ step=CastDoubleToLong(floor((double) displacement)); + area=(double) (displacement-step); + step++; + pixel=background; +@@ -1434,7 +1434,7 @@ static MagickBooleanType YShearImage(Image *image,const double degrees, + displacement*=(-1.0); + direction=UP; + } +- step=CastDoubleToSSizeT(floor((double) displacement)); ++ step=CastDoubleToLong(floor((double) displacement)); + area=(double) (displacement-step); + step++; + pixel=background; +@@ -1617,11 +1617,11 @@ MagickExport Image *ShearImage(const Image *image,const double x_shear, + /* + Compute image size. 
+ */ +- bounds.width=image->columns+CastDoubleToSSizeT(floor(fabs(shear.x)* ++ bounds.width=image->columns+CastDoubleToLong(floor(fabs(shear.x)* + image->rows+0.5)); +- bounds.x=CastDoubleToSSizeT(ceil((double) image->columns+((fabs(shear.x)* ++ bounds.x=CastDoubleToLong(ceil((double) image->columns+((fabs(shear.x)* + image->rows)-image->columns)/2.0-0.5)); +- bounds.y=CastDoubleToSSizeT(ceil((double) image->rows+((fabs(shear.y)* ++ bounds.y=CastDoubleToLong(ceil((double) image->rows+((fabs(shear.y)* + bounds.width)-image->rows)/2.0-0.5)); + /* + Surround image with border. +@@ -1770,9 +1770,9 @@ MagickExport Image *ShearRotateImage(const Image *image,const double degrees, + bounds.height=(size_t) floor(fabs((double) bounds.width*shear.y)+height+0.5); + shear_width=(size_t) floor(fabs((double) bounds.height*shear.x)+ + bounds.width+0.5); +- bounds.x=CastDoubleToSSizeT(floor((double) ((shear_width > bounds.width) ? ++ bounds.x=CastDoubleToLong(floor((double) ((shear_width > bounds.width) ? + width : bounds.width-shear_width+2)/2.0+0.5)); +- bounds.y=CastDoubleToSSizeT(floor(((double) bounds.height-height+2)/2.0+0.5)); ++ bounds.y=CastDoubleToLong(floor(((double) bounds.height-height+2)/2.0+0.5)); + /* + Surround image with a border. + */ +diff --git a/MagickCore/transform.c b/MagickCore/transform.c +index 6afe0a3de..385d5eb68 100644 +--- a/MagickCore/transform.c ++++ b/MagickCore/transform.c +@@ -773,8 +773,8 @@ static inline ssize_t PixelRoundOffset(double x) + Round the fraction to nearest integer. 
+ */ + if ((x-floor(x)) < (ceil(x)-x)) +- return(CastDoubleToSSizeT(floor(x))); +- return(CastDoubleToSSizeT(ceil(x))); ++ return(CastDoubleToLong(floor(x))); ++ return(CastDoubleToLong(ceil(x))); + } + + MagickExport Image *CropImageToTiles(const Image *image, +diff --git a/MagickCore/visual-effects.c b/MagickCore/visual-effects.c +index 069904a08..789660231 100644 +--- a/MagickCore/visual-effects.c ++++ b/MagickCore/visual-effects.c +@@ -1439,8 +1439,8 @@ static MagickBooleanType PlasmaImageProxy(Image *image,CacheView *image_view, + */ + depth--; + attenuate++; +- x_mid=CastDoubleToSSizeT(ceil((segment->x1+segment->x2)/2-0.5)); +- y_mid=CastDoubleToSSizeT(ceil((segment->y1+segment->y2)/2-0.5)); ++ x_mid=CastDoubleToLong(ceil((segment->x1+segment->x2)/2-0.5)); ++ y_mid=CastDoubleToLong(ceil((segment->y1+segment->y2)/2-0.5)); + local_info=(*segment); + local_info.x2=(double) x_mid; + local_info.y2=(double) y_mid; +@@ -1463,8 +1463,8 @@ static MagickBooleanType PlasmaImageProxy(Image *image,CacheView *image_view, + &local_info,attenuate,depth,exception); + return(status == 0 ? MagickFalse : MagickTrue); + } +- x_mid=CastDoubleToSSizeT(ceil((segment->x1+segment->x2)/2-0.5)); +- y_mid=CastDoubleToSSizeT(ceil((segment->y1+segment->y2)/2-0.5)); ++ x_mid=CastDoubleToLong(ceil((segment->x1+segment->x2)/2-0.5)); ++ y_mid=CastDoubleToLong(ceil((segment->y1+segment->y2)/2-0.5)); + if ((fabs(segment->x1-x_mid) < MagickEpsilon) && + (fabs(segment->x2-x_mid) < MagickEpsilon) && + (fabs(segment->y1-y_mid) < MagickEpsilon) && +@@ -1481,10 +1481,10 @@ static MagickBooleanType PlasmaImageProxy(Image *image,CacheView *image_view, + /* + Left pixel. 
+ */ +- x=CastDoubleToSSizeT(ceil(segment->x1-0.5)); +- u=GetCacheViewVirtualPixels(u_view,x,CastDoubleToSSizeT(ceil( ++ x=CastDoubleToLong(ceil(segment->x1-0.5)); ++ u=GetCacheViewVirtualPixels(u_view,x,CastDoubleToLong(ceil( + segment->y1-0.5)),1,1,exception); +- v=GetCacheViewVirtualPixels(v_view,x,CastDoubleToSSizeT(ceil( ++ v=GetCacheViewVirtualPixels(v_view,x,CastDoubleToLong(ceil( + segment->y2-0.5)),1,1,exception); + q=QueueCacheViewAuthenticPixels(image_view,x,y_mid,1,1,exception); + if ((u == (const Quantum *) NULL) || (v == (const Quantum *) NULL) || +@@ -1504,10 +1504,10 @@ static MagickBooleanType PlasmaImageProxy(Image *image,CacheView *image_view, + /* + Right pixel. + */ +- x=CastDoubleToSSizeT(ceil(segment->x2-0.5)); +- u=GetCacheViewVirtualPixels(u_view,x,CastDoubleToSSizeT(ceil( ++ x=CastDoubleToLong(ceil(segment->x2-0.5)); ++ u=GetCacheViewVirtualPixels(u_view,x,CastDoubleToLong(ceil( + segment->y1-0.5)),1,1,exception); +- v=GetCacheViewVirtualPixels(v_view,x,CastDoubleToSSizeT(ceil( ++ v=GetCacheViewVirtualPixels(v_view,x,CastDoubleToLong(ceil( + segment->y2-0.5)),1,1,exception); + q=QueueCacheViewAuthenticPixels(image_view,x,y_mid,1,1,exception); + if ((u == (const Quantum *) NULL) || (v == (const Quantum *) NULL) || +@@ -1533,10 +1533,10 @@ static MagickBooleanType PlasmaImageProxy(Image *image,CacheView *image_view, + /* + Bottom pixel. 
+ */ +- y=CastDoubleToSSizeT(ceil(segment->y2-0.5)); +- u=GetCacheViewVirtualPixels(u_view,CastDoubleToSSizeT(ceil( ++ y=CastDoubleToLong(ceil(segment->y2-0.5)); ++ u=GetCacheViewVirtualPixels(u_view,CastDoubleToLong(ceil( + segment->x1-0.5)),y,1,1,exception); +- v=GetCacheViewVirtualPixels(v_view,CastDoubleToSSizeT(ceil( ++ v=GetCacheViewVirtualPixels(v_view,CastDoubleToLong(ceil( + segment->x2-0.5)),y,1,1,exception); + q=QueueCacheViewAuthenticPixels(image_view,x_mid,y,1,1,exception); + if ((u == (const Quantum *) NULL) || (v == (const Quantum *) NULL) || +@@ -1557,10 +1557,10 @@ static MagickBooleanType PlasmaImageProxy(Image *image,CacheView *image_view, + /* + Top pixel. + */ +- y=CastDoubleToSSizeT(ceil(segment->y1-0.5)); +- u=GetCacheViewVirtualPixels(u_view,CastDoubleToSSizeT(ceil( ++ y=CastDoubleToLong(ceil(segment->y1-0.5)); ++ u=GetCacheViewVirtualPixels(u_view,CastDoubleToLong(ceil( + segment->x1-0.5)),y,1,1,exception); +- v=GetCacheViewVirtualPixels(v_view,CastDoubleToSSizeT(ceil( ++ v=GetCacheViewVirtualPixels(v_view,CastDoubleToLong(ceil( + segment->x2-0.5)),y,1,1,exception); + q=QueueCacheViewAuthenticPixels(image_view,x_mid,y,1,1,exception); + if ((u == (const Quantum *) NULL) || (v == (const Quantum *) NULL) || +@@ -1583,11 +1583,11 @@ static MagickBooleanType PlasmaImageProxy(Image *image,CacheView *image_view, + /* + Middle pixel. 
+ */ +- x=CastDoubleToSSizeT(ceil(segment->x1-0.5)); +- y=CastDoubleToSSizeT(ceil(segment->y1-0.5)); ++ x=CastDoubleToLong(ceil(segment->x1-0.5)); ++ y=CastDoubleToLong(ceil(segment->y1-0.5)); + u=GetCacheViewVirtualPixels(u_view,x,y,1,1,exception); +- x=CastDoubleToSSizeT(ceil(segment->x2-0.5)); +- y=CastDoubleToSSizeT(ceil(segment->y2-0.5)); ++ x=CastDoubleToLong(ceil(segment->x2-0.5)); ++ y=CastDoubleToLong(ceil(segment->y2-0.5)); + v=GetCacheViewVirtualPixels(v_view,x,y,1,1,exception); + q=QueueCacheViewAuthenticPixels(image_view,x_mid,y_mid,1,1,exception); + if ((u == (const Quantum *) NULL) || (v == (const Quantum *) NULL) || +diff --git a/MagickWand/drawing-wand.c b/MagickWand/drawing-wand.c +index 002798ba0..cc1fbc640 100644 +--- a/MagickWand/drawing-wand.c ++++ b/MagickWand/drawing-wand.c +@@ -4285,10 +4285,10 @@ WandExport MagickBooleanType DrawPushPattern(DrawingWand *wand, + x,y,width,height); + wand->indent_depth++; + wand->pattern_id=AcquireString(pattern_id); +- wand->pattern_bounds.x=CastDoubleToSSizeT(ceil(x-0.5)); +- wand->pattern_bounds.y=CastDoubleToSSizeT(ceil(y-0.5)); +- wand->pattern_bounds.width=(size_t) CastDoubleToSSizeT(floor(width+0.5)); +- wand->pattern_bounds.height=(size_t) CastDoubleToSSizeT(floor(height+0.5)); ++ wand->pattern_bounds.x=CastDoubleToLong(ceil(x-0.5)); ++ wand->pattern_bounds.y=CastDoubleToLong(ceil(y-0.5)); ++ wand->pattern_bounds.width=(size_t) CastDoubleToLong(floor(width+0.5)); ++ wand->pattern_bounds.height=(size_t) CastDoubleToLong(floor(height+0.5)); + wand->pattern_offset=wand->mvg_length; + return(MagickTrue); + } +diff --git a/coders/histogram.c b/coders/histogram.c +index 15ee9772d..0df364c12 100644 +--- a/coders/histogram.c ++++ b/coders/histogram.c +@@ -295,7 +295,7 @@ static MagickBooleanType WriteHISTOGRAMImage(const ImageInfo *image_info, + break; + if ((GetPixelRedTraits(image) & UpdatePixelTrait) != 0) + { +- y=CastDoubleToSSizeT(ceil((double) histogram_image->rows-scale* ++ 
y=CastDoubleToLong(ceil((double) histogram_image->rows-scale* + histogram[x].red-0.5)); + r=q+y*GetPixelChannels(histogram_image); + for ( ; y < (ssize_t) histogram_image->rows; y++) +@@ -306,7 +306,7 @@ static MagickBooleanType WriteHISTOGRAMImage(const ImageInfo *image_info, + } + if ((GetPixelGreenTraits(image) & UpdatePixelTrait) != 0) + { +- y=CastDoubleToSSizeT(ceil((double) histogram_image->rows-scale* ++ y=CastDoubleToLong(ceil((double) histogram_image->rows-scale* + histogram[x].green-0.5)); + r=q+y*GetPixelChannels(histogram_image); + for ( ; y < (ssize_t) histogram_image->rows; y++) +@@ -317,7 +317,7 @@ static MagickBooleanType WriteHISTOGRAMImage(const ImageInfo *image_info, + } + if ((GetPixelBlueTraits(image) & UpdatePixelTrait) != 0) + { +- y=CastDoubleToSSizeT(ceil((double) histogram_image->rows-scale* ++ y=CastDoubleToLong(ceil((double) histogram_image->rows-scale* + histogram[x].blue-0.5)); + r=q+y*GetPixelChannels(histogram_image); + for ( ; y < (ssize_t) histogram_image->rows; y++) +diff --git a/coders/icon.c b/coders/icon.c +index 2ccbc82b1..f54225ff9 100644 +--- a/coders/icon.c ++++ b/coders/icon.c +@@ -227,6 +227,7 @@ static Image *ReadICONImage(const ImageInfo *image_info, + image=DestroyImageList(image); + return((Image *) NULL); + } ++ (void) memset(&icon_file,0,sizeof(icon_file)); + icon_file.reserved=(short) ReadBlobLSBShort(image); + icon_file.resource_type=(short) ReadBlobLSBShort(image); + icon_file.count=(short) ReadBlobLSBShort(image); +diff --git a/coders/pcl.c b/coders/pcl.c +index 8197a0c39..8056ae0c9 100644 +--- a/coders/pcl.c ++++ b/coders/pcl.c +@@ -294,8 +294,8 @@ static Image *ReadPCLImage(const ImageInfo *image_info,ExceptionInfo *exception) + /* + Set PCL render geometry. 
+ */ +- width=(size_t) floor(bounds.x2-bounds.x1+0.5); +- height=(size_t) floor(bounds.y2-bounds.y1+0.5); ++ width=(size_t) CastDoubleToLong(floor(bounds.x2-bounds.x1+0.5)); ++ height=(size_t) CastDoubleToLong(floor(bounds.y2-bounds.y1+0.5)); + if (width > page.width) + page.width=width; + if (height > page.height) +diff --git a/coders/tiff.c b/coders/tiff.c +index a0bdd6313..68a6d5b09 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1506,9 +1506,9 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XPOSITION,&x_position,sans) == 1) && + (TIFFGetFieldDefaulted(tiff,TIFFTAG_YPOSITION,&y_position,sans) == 1)) + { +- image->page.x=CastDoubleToSSizeT(ceil(x_position* ++ image->page.x=CastDoubleToLong(ceil(x_position* + image->resolution.x-0.5)); +- image->page.y=CastDoubleToSSizeT(ceil(y_position* ++ image->page.y=CastDoubleToLong(ceil(y_position* + image->resolution.y-0.5)); + } + if (TIFFGetFieldDefaulted(tiff,TIFFTAG_ORIENTATION,&orientation,sans) == 1) +diff --git a/coders/txt.c b/coders/txt.c +index 91323583d..f8312a4fd 100644 +--- a/coders/txt.c ++++ b/coders/txt.c +@@ -273,7 +273,7 @@ static Image *ReadTEXTImage(const ImageInfo *image_info, + draw_info=DestroyDrawInfo(draw_info); + ThrowReaderException(TypeError,"UnableToGetTypeMetrics"); + } +- page.y=CastDoubleToSSizeT(ceil((double) page.y+metrics.ascent-0.5)); ++ page.y=CastDoubleToLong(ceil((double) page.y+metrics.ascent-0.5)); + (void) FormatLocaleString(geometry,MagickPathExtent,"%gx%g%+g%+g",(double) + image->columns,(double) image->rows,(double) page.x,(double) page.y); + (void) CloneString(&draw_info->geometry,geometry); +@@ -574,7 +574,7 @@ static Image *ReadTXTImage(const ImageInfo *image_info,ExceptionInfo *exception) + black),range); + pixel.alpha=(MagickRealType) ScaleAnyToQuantum(CastDoubleToQuantumAny( + alpha),range); +- q=GetAuthenticPixels(image,CastDoubleToSSizeT(x_offset),CastDoubleToSSizeT( ++ 
q=GetAuthenticPixels(image,CastDoubleToLong(x_offset),CastDoubleToLong( + y_offset),1,1,exception); + if (q == (Quantum *) NULL) + { +diff --git a/configure b/configure +index 0b3c67e72..85aade112 100755 +--- a/configure ++++ b/configure +@@ -4552,7 +4552,7 @@ MAGICK_PATCHLEVEL_VERSION=62 + + MAGICK_VERSION=7.0.10-62 + +-MAGICK_GIT_REVISION=18417:ff04e172d:20210207 ++MAGICK_GIT_REVISION=fecfed4d0:20230414 + + + # Substitute library versioning +@@ -25948,9 +25948,9 @@ ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ +- int f(int x){return 1;} +- int f(char x){return 1;} +- int f(bool x){return 1;} ++ int f(int x){return x;} ++ int f(char x){return x == '\1' ? 1 : 0;} ++ int f(bool x){return x ? 1 : 0;} + int + main () + { +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/files/0011-ImageMagick-Fix-CVE-2023-34151.patch b/meta-oe/recipes-support/imagemagick/files/0011-ImageMagick-Fix-CVE-2023-34151.patch new file mode 100644 index 0000000000..d0edd01f13 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0011-ImageMagick-Fix-CVE-2023-34151.patch 
@@ -0,0 +1,314 @@ +From 3fb6d745e0817dd4c7ec31e929bfade8a7506bf5 Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore +Date: Tue, 2 Dec 2025 21:55:47 +0530 +Subject: [PATCH 18/18] ImageMagick: Fix CVE-2023-34151 + +CVE: CVE-2023-34151 + +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/3d6d98d8a2be30d74172ab43b5b8e874d2deb158] + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore +--- + MagickCore/annotate.c | 4 ++-- + MagickCore/draw.c | 2 +- + MagickCore/geometry.c | 4 ++-- + MagickCore/shear.c | 6 +++--- + MagickCore/visual-effects.c | 4 ++-- + coders/caption.c | 10 +++++----- + coders/label.c | 10 +++++----- + coders/pcl.c | 4 ++-- + coders/pdf.c | 4 ++-- + coders/png.c | 12 ++++++------ + coders/ps.c | 4 ++-- + coders/ps2.c | 4 ++-- + coders/ps3.c | 4 ++-- + coders/svg.c | 4 ++-- + 14 files changed, 38 insertions(+), 38 deletions(-) + +diff --git a/MagickCore/annotate.c b/MagickCore/annotate.c +index 4be938be5..3e8f3aa1b 100644 +--- a/MagickCore/annotate.c ++++ b/MagickCore/annotate.c +@@ -336,7 +336,7 @@ MagickExport MagickBooleanType AnnotateImage(Image *image, + (void) CloneString(&annotate->text,textlist[i]); + if ((metrics.width == 0) || (annotate->gravity != NorthWestGravity)) + (void) GetTypeMetrics(image,annotate,&metrics,exception); +- height=(size_t) floor(metrics.ascent-metrics.descent+0.5); ++ height=CastDoubleToUnsigned(metrics.ascent-metrics.descent+0.5); + if (height == 0) + height=draw_info->pointsize; + height+=(size_t) floor(draw_info->interline_spacing+0.5); +@@ -626,7 +626,7 @@ MagickExport ssize_t FormatMagickCaption(Image *image,DrawInfo *draw_info, + status=GetTypeMetrics(image,draw_info,metrics,exception); + if (status == MagickFalse) + break; +- width=(size_t) floor(metrics->width+draw_info->stroke_width+0.5); ++ width=CastDoubleToUnsigned(metrics->width+draw_info->stroke_width+0.5); + if (width <= image->columns) + continue; + if (s != (char *) NULL) +diff --git 
a/MagickCore/draw.c b/MagickCore/draw.c +index facea115e..54286130a 100644 +--- a/MagickCore/draw.c ++++ b/MagickCore/draw.c +@@ -3478,7 +3478,7 @@ static MagickBooleanType RenderMVGContent(Image *image, + (void) GetNextToken(q,&q,extent,token); + if (*token == ',') + (void) GetNextToken(q,&q,extent,token); +- bounds.height=(size_t) floor(GetDrawValue(token,&next_token)+ ++ bounds.height=CastDoubleToUnsigned(GetDrawValue(token,&next_token)+ + 0.5); + if (token == next_token) + ThrowPointExpectedException(token,exception); +diff --git a/MagickCore/geometry.c b/MagickCore/geometry.c +index e9a5981bd..885493b94 100644 +--- a/MagickCore/geometry.c ++++ b/MagickCore/geometry.c +@@ -1424,8 +1424,8 @@ MagickExport MagickStatusType ParseMetaGeometry(const char *geometry,ssize_t *x, + scale.y=geometry_info.sigma; + if ((percent_flags & SigmaValue) == 0) + scale.y=scale.x; +- *width=(size_t) floor(scale.x*former_width/100.0+0.5); +- *height=(size_t) floor(scale.y*former_height/100.0+0.5); ++ *width=CastDoubleToUnsigned (scale.x*former_width/100.0+0.5); ++ *height=CastDoubleToUnsigned (scale.y*former_height/100.0+0.5); + former_width=(*width); + former_height=(*height); + } +diff --git a/MagickCore/shear.c b/MagickCore/shear.c +index 05703ca34..a4c75431f 100644 +--- a/MagickCore/shear.c ++++ b/MagickCore/shear.c +@@ -1766,9 +1766,9 @@ MagickExport Image *ShearRotateImage(const Image *image,const double degrees, + */ + width=integral_image->columns; + height=integral_image->rows; +- bounds.width=(size_t) floor(fabs((double) height*shear.x)+width+0.5); +- bounds.height=(size_t) floor(fabs((double) bounds.width*shear.y)+height+0.5); +- shear_width=(size_t) floor(fabs((double) bounds.height*shear.x)+ ++ bounds.width=CastDoubleToUnsigned(fabs((double) height*shear.x)+width+0.5); ++ bounds.height=CastDoubleToUnsigned(fabs((double) bounds.width*shear.y)+height+0.5); ++ shear_width=CastDoubleToUnsigned(fabs((double) bounds.height*shear.x)+ + bounds.width+0.5); + 
bounds.x=CastDoubleToLong(floor((double) ((shear_width > bounds.width) ? + width : bounds.width-shear_width+2)/2.0+0.5)); +diff --git a/MagickCore/visual-effects.c b/MagickCore/visual-effects.c +index 789660231..3f5a5ee5e 100644 +--- a/MagickCore/visual-effects.c ++++ b/MagickCore/visual-effects.c +@@ -2062,8 +2062,8 @@ MagickExport Image *ShadowImage(const Image *image,const double alpha, + (void) SetImageColorspace(clone_image,sRGBColorspace,exception); + (void) SetImageVirtualPixelMethod(clone_image,EdgeVirtualPixelMethod, + exception); +- border_info.width=(size_t) floor(2.0*sigma+0.5); +- border_info.height=(size_t) floor(2.0*sigma+0.5); ++ border_info.width=CastDoubleToUnsigned(2.0*sigma+0.5); ++ border_info.height=CastDoubleToUnsigned(2.0*sigma+0.5); + border_info.x=0; + border_info.y=0; + (void) QueryColorCompliance("none",AllCompliance,&clone_image->border_color, +diff --git a/coders/caption.c b/coders/caption.c +index 67a3fb48c..cff07fd10 100644 +--- a/coders/caption.c ++++ b/coders/caption.c +@@ -155,7 +155,7 @@ static Image *ReadCAPTIONImage(const ImageInfo *image_info, + return(DestroyImageList(image)); + (void) SetImageProperty(image,"caption",caption,exception); + draw_info=CloneDrawInfo(image_info,(DrawInfo *) NULL); +- width=(size_t) floor(draw_info->pointsize*strlen(caption)+0.5); ++ width=CastDoubleToUnsigned(draw_info->pointsize*strlen(caption)+0.5); + if (AcquireMagickResource(WidthResource,width) == MagickFalse) + { + caption=DestroyString(caption); +@@ -249,8 +249,8 @@ static Image *ReadCAPTIONImage(const ImageInfo *image_info, + status=GetMultilineTypeMetrics(image,draw_info,&metrics,exception); + if (status == MagickFalse) + break; +- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5); +- height=(size_t) floor(metrics.height+draw_info->interline_spacing+ ++ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5); ++ height=CastDoubleToUnsigned(metrics.height+draw_info->interline_spacing+ + 
draw_info->stroke_width+0.5); + if ((image->columns != 0) && (image->rows != 0)) + { +@@ -279,8 +279,8 @@ static Image *ReadCAPTIONImage(const ImageInfo *image_info, + status=GetMultilineTypeMetrics(image,draw_info,&metrics,exception); + if (status == MagickFalse) + break; +- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5); +- height=(size_t) floor(metrics.height+draw_info->interline_spacing+ ++ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5); ++ height=CastDoubleToUnsigned(metrics.height+draw_info->interline_spacing+ + draw_info->stroke_width+0.5); + if ((image->columns != 0) && (image->rows != 0)) + { +diff --git a/coders/label.c b/coders/label.c +index b6c25036f..cd76961f7 100644 +--- a/coders/label.c ++++ b/coders/label.c +@@ -135,7 +135,7 @@ static Image *ReadLABELImage(const ImageInfo *image_info, + return(DestroyImageList(image)); + (void) SetImageProperty(image,"label",label,exception); + draw_info=CloneDrawInfo(image_info,(DrawInfo *) NULL); +- width=(size_t) floor(draw_info->pointsize*strlen(label)+0.5); ++ width=CastDoubleToUnsigned(draw_info->pointsize*strlen(label)+0.5); + if (AcquireMagickResource(WidthResource,width) == MagickFalse) + { + label=DestroyString(label); +@@ -174,8 +174,8 @@ static Image *ReadLABELImage(const ImageInfo *image_info, + status=GetMultilineTypeMetrics(image,draw_info,&metrics,exception); + if (status == MagickFalse) + break; +- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5); +- height=(size_t) floor(metrics.height+draw_info->stroke_width+0.5); ++ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5); ++ height=CastDoubleToUnsigned(metrics.height+draw_info->stroke_width+0.5); + if ((image->columns != 0) && (image->rows != 0)) + { + if ((width >= image->columns) && (height >= image->rows)) +@@ -204,8 +204,8 @@ static Image *ReadLABELImage(const ImageInfo *image_info, + status=GetMultilineTypeMetrics(image,draw_info,&metrics,exception); + if (status == 
MagickFalse) + break; +- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5); +- height=(size_t) floor(metrics.height+draw_info->stroke_width+0.5); ++ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5); ++ height=CastDoubleToUnsigned(metrics.height+draw_info->stroke_width+0.5); + if ((image->columns != 0) && (image->rows != 0)) + { + if ((width < image->columns) && (height < image->rows)) +diff --git a/coders/pcl.c b/coders/pcl.c +index 8056ae0c9..d6b9ed75f 100644 +--- a/coders/pcl.c ++++ b/coders/pcl.c +@@ -333,8 +333,8 @@ static Image *ReadPCLImage(const ImageInfo *image_info,ExceptionInfo *exception) + image->resolution.x,image->resolution.y); + if (image_info->ping != MagickFalse) + (void) FormatLocaleString(density,MagickPathExtent,"2.0x2.0"); +- page.width=(size_t) floor(page.width*image->resolution.x/delta.x+0.5); +- page.height=(size_t) floor(page.height*image->resolution.y/delta.y+0.5); ++ page.width=CastDoubleToUnsigned(page.width*image->resolution.x/delta.x+0.5); ++ page.height=CastDoubleToUnsigned(page.height*image->resolution.y/delta.y+0.5); + (void) FormatLocaleString(options,MagickPathExtent,"-g%.20gx%.20g ",(double) + page.width,(double) page.height); + image=DestroyImage(image); +diff --git a/coders/pdf.c b/coders/pdf.c +index 7792d417a..3e8b3c182 100644 +--- a/coders/pdf.c ++++ b/coders/pdf.c +@@ -1605,9 +1605,9 @@ static MagickBooleanType WritePDFImage(const ImageInfo *image_info,Image *image, + (void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y, + &geometry.width,&geometry.height); + scale.x=(double) (geometry.width*delta.x)/resolution.x; +- geometry.width=(size_t) floor(scale.x+0.5); ++ geometry.width=CastDoubleToUnsigned(scale.x+0.5); + scale.y=(double) (geometry.height*delta.y)/resolution.y; +- geometry.height=(size_t) floor(scale.y+0.5); ++ geometry.height=CastDoubleToUnsigned(scale.y+0.5); + (void) ParseAbsoluteGeometry(page_geometry,&media_info); + (void) 
ParseGravityGeometry(image,page_geometry,&page_info,exception); + if (image->gravity != UndefinedGravity) +diff --git a/coders/png.c b/coders/png.c +index 6f88e9cdc..6dedf2849 100644 +--- a/coders/png.c ++++ b/coders/png.c +@@ -10020,23 +10020,23 @@ static MagickBooleanType WriteOnePNGImage(MngInfo *mng_info, + { + ping_pHYs_unit_type=PNG_RESOLUTION_METER; + ping_pHYs_x_resolution= +- (png_uint_32) CastDoubleToSizeT((100.0*image->resolution.x+0.5)/2.54); ++ (png_uint_32) CastDoubleToUnsigned((100.0*image->resolution.x+0.5)/2.54); + ping_pHYs_y_resolution= +- (png_uint_32) CastDoubleToSizeT((100.0*image->resolution.y+0.5)/2.54); ++ (png_uint_32) CastDoubleToUnsigned((100.0*image->resolution.y+0.5)/2.54); + } + + else if (image->units == PixelsPerCentimeterResolution) + { + ping_pHYs_unit_type=PNG_RESOLUTION_METER; +- ping_pHYs_x_resolution=(png_uint_32) CastDoubleToSizeT(100.0*image->resolution.x+0.5); +- ping_pHYs_y_resolution=(png_uint_32) CastDoubleToSizeT(100.0*image->resolution.y+0.5); ++ ping_pHYs_x_resolution=(png_uint_32) CastDoubleToUnsigned(100.0*image->resolution.x+0.5); ++ ping_pHYs_y_resolution=(png_uint_32) CastDoubleToUnsigned(100.0*image->resolution.y+0.5); + } + + else + { + ping_pHYs_unit_type=PNG_RESOLUTION_UNKNOWN; +- ping_pHYs_x_resolution=(png_uint_32) CastDoubleToSizeT(image->resolution.x); +- ping_pHYs_y_resolution=(png_uint_32) CastDoubleToSizeT(image->resolution.y); ++ ping_pHYs_x_resolution=(png_uint_32) CastDoubleToUnsigned(image->resolution.x); ++ ping_pHYs_y_resolution=(png_uint_32) CastDoubleToUnsigned(image->resolution.y); + } + + if (logging != MagickFalse) +diff --git a/coders/ps.c b/coders/ps.c +index 3c18e5a92..9b3f3da88 100644 +--- a/coders/ps.c ++++ b/coders/ps.c +@@ -1483,9 +1483,9 @@ static MagickBooleanType WritePSImage(const ImageInfo *image_info,Image *image, + (void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y, + &geometry.width,&geometry.height); + 
scale.x=PerceptibleReciprocal(resolution.x)*geometry.width*delta.x; +- geometry.width=(size_t) floor(scale.x+0.5); ++ geometry.width=CastDoubleToUnsigned(scale.x+0.5); + scale.y=PerceptibleReciprocal(resolution.y)*geometry.height*delta.y; +- geometry.height=(size_t) floor(scale.y+0.5); ++ geometry.height=CastDoubleToUnsigned(scale.y+0.5); + (void) ParseAbsoluteGeometry(page_geometry,&media_info); + (void) ParseGravityGeometry(image,page_geometry,&page_info,exception); + if (image->gravity != UndefinedGravity) +diff --git a/coders/ps2.c b/coders/ps2.c +index 31e7f75c7..2e713c64a 100644 +--- a/coders/ps2.c ++++ b/coders/ps2.c +@@ -533,9 +533,9 @@ static MagickBooleanType WritePS2Image(const ImageInfo *image_info,Image *image, + (void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y, + &geometry.width,&geometry.height); + scale.x=PerceptibleReciprocal(resolution.x)*geometry.width*delta.x; +- geometry.width=(size_t) floor(scale.x+0.5); ++ geometry.width=CastDoubleToUnsigned(scale.x+0.5); + scale.y=PerceptibleReciprocal(resolution.y)*geometry.height*delta.y; +- geometry.height=(size_t) floor(scale.y+0.5); ++ geometry.height=CastDoubleToUnsigned(scale.y+0.5); + (void) ParseAbsoluteGeometry(page_geometry,&media_info); + (void) ParseGravityGeometry(image,page_geometry,&page_info,exception); + if (image->gravity != UndefinedGravity) +diff --git a/coders/ps3.c b/coders/ps3.c +index 62f47c439..beb007587 100644 +--- a/coders/ps3.c ++++ b/coders/ps3.c +@@ -980,9 +980,9 @@ static MagickBooleanType WritePS3Image(const ImageInfo *image_info,Image *image, + (void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y, + &geometry.width,&geometry.height); + scale.x=PerceptibleReciprocal(resolution.x)*geometry.width*delta.x; +- geometry.width=(size_t) floor(scale.x+0.5); ++ geometry.width=CastDoubleToUnsigned(scale.x+0.5); + scale.y=PerceptibleReciprocal(resolution.y)*geometry.height*delta.y; +- geometry.height=(size_t) floor(scale.y+0.5); ++ 
geometry.height=CastDoubleToUnsigned(scale.y+0.5); + (void) ParseAbsoluteGeometry(page_geometry,&media_info); + (void) ParseGravityGeometry(image,page_geometry,&page_info,exception); + if (image->gravity != UndefinedGravity) +diff --git a/coders/svg.c b/coders/svg.c +index 8f80d83e3..5caf8afe7 100644 +--- a/coders/svg.c ++++ b/coders/svg.c +@@ -2520,10 +2520,10 @@ static void SVGStartElement(void *context,const xmlChar *name, + svg_info->view_box=svg_info->bounds; + svg_info->width=0; + if (svg_info->bounds.width > 0.0) +- svg_info->width=(size_t) floor(svg_info->bounds.width+0.5); ++ svg_info->width=CastDoubleToUnsigned(svg_info->bounds.width+0.5); + svg_info->height=0; + if (svg_info->bounds.height > 0.0) +- svg_info->height=(size_t) floor(svg_info->bounds.height+0.5); ++ svg_info->height=CastDoubleToUnsigned(svg_info->bounds.height+0.5); + (void) FormatLocaleFile(svg_info->file,"viewbox 0 0 %.20g %.20g\n", + (double) svg_info->width,(double) svg_info->height); + sx=PerceptibleReciprocal(svg_info->view_box.width)*svg_info->width; +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index ecd4d85b3a..95820cd6b2 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb @@ -39,6 +39,10 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://0010-ImageMagick-Add-support-patch-3-to-fix-CVE-2025-5529.patch \ file://0010-ImageMagick-Fix-CVE-2025-55298-1.patch \ file://0010-ImageMagick-Fix-CVE-2025-55298-2.patch \ + file://0011-ImageMagick-Add-support-patch-1-to-fix-CVE-2023-3415.patch \ + file://0011-ImageMagick-Add-support-patch-2-to-fix-CVE-2023-3415.patch \ + file://0011-ImageMagick-Add-support-patch-3-to-fix-CVE-2023-3415.patch \ + file://0011-ImageMagick-Fix-CVE-2023-34151.patch \ " SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"
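Review bot: In the coders/pcl.c hunk at @@ -294,8 (ReadPCLImage, support patch), the result of the signed helper is cast straight to size_t: `width=(size_t) CastDoubleToLong(floor(bounds.x2-bounds.x1+0.5));`. If bounds.x2 is smaller than bounds.x1 the value can be negative, and the cast turns it into a very large width that then wins the `if (width > page.width)` comparison just below. Reject a negative extent before the cast, or use an unsigned clamp here as the CVE-2023-34151 patch does for page.width and page.height at @@ -333,8 of the same file.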
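Review bot: The coders/icon.c hunk at @@ -227,6 adds `(void) memset(&icon_file,0,sizeof(icon_file));`, which is unrelated to the CastDoubleToSSizeT to CastDoubleToLong rename carried by every other source hunk in this support patch. Zeroing the struct before the ReadBlobLSBShort reads is reasonable, but it should be called out in the patch description, or carried as its own patch, so that someone auditing the backport can tell it is intentional and which upstream change it comes from.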
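Review bot: The configure hunks at @@ -4552,7 and @@ -25948,9 modify a generated file and are not part of the cast change: MAGICK_GIT_REVISION moves from `18417:ff04e172d:20210207` to `fecfed4d0:20230414` while MAGICK_VERSION stays at 7.0.10-62, and the conftest `f()` overloads are rewritten. The new stamp would advertise a 2023 upstream revision for a tree that the recipe pins with its own SRCREV. Drop both configure hunks from the backport.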
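Review bot: In the MagickCore/annotate.c hunk at @@ -336,7 (CVE-2023-34151 patch) only the first height assignment is converted. The context line two below still reads `height+=(size_t) floor(draw_info->interline_spacing+0.5);`, so a negative or out-of-range interline_spacing goes through the same unchecked double to size_t cast that this patch removes elsewhere. If the upstream commit left that line alone, say so in the Comment: field; otherwise convert it as well.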
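Review bot: The MagickCore/geometry.c hunk at @@ -1424,8 writes `*width=CastDoubleToUnsigned (scale.x*former_width/100.0+0.5);` with a space before the parenthesis, unlike every other call site in this patch. If upstream has it that way, keep it so the backport stays a clean match; if it came from the refresh, remove the space on both lines.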
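Review bot: In the imagemagick_7.0.10.bb hunk at @@ -39,6 the three support patch names end in `CVE-2023-3415.patch`, which drops the last digit of CVE-2023-34151 and reads as a different CVE id. Reviewers or tooling that take the id from the file name will attribute these patches to the wrong CVE. Rename them so the full id appears, for example by shortening the descriptive part of the name instead.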