From patchwork Tue Feb 17 09:00:16 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bhabu Bindu X-Patchwork-Id: 81188
From: Bhabu Bindu X-Google-Original-From: Bhabu Bindu To: openembedded-devel@lists.openembedded.org, bhabu.bindu@kpit.com Subject: [meta-oe][scartgap][PATCH 1/4] imagemagick: Fix CVE-2026-22770 Date: Tue, 17 Feb 2026 14:30:16 +0530 Message-Id: <20260217090019.1076725-1-bhabu.bindu@kpit.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 17 Feb 2026 09:01:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124441 Fix CVE-2026-22770 with patch provided by NVD advisory. Link: https://nvd.nist.gov/vuln/detail/CVE-2026-22770 Signed-off-by: Bhabu Bindu --- .../imagemagick/CVE-2026-22770.patch | 41 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-22770.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-22770.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-22770.patch new file mode 100644 index 0000000000..a89a8b9d3c --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-22770.patch 
@@ -0,0 +1,41 @@ +From 3e0330721020e0c5bb52e4b77c347527dd71658e Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Sun, 4 Jan 2026 15:26:48 +0100 +Subject: [PATCH] Correct memset initialization and add an overflow check + (GHSA-39h3-g67r-7g3c) + +CVE: CVE-2026-22770 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e] +Signed-off-by: Bhabu Bindu +--- + MagickCore/effect.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/MagickCore/effect.c b/MagickCore/effect.c +index a343e42259d..b2fdf626cb1 100644 +--- a/MagickCore/effect.c ++++ b/MagickCore/effect.c +@@ -876,16 +876,21 @@ static double **AcquireBilateralTLS(const size_t number_threads, + double + **weights; + ++ size_t ++ count; ++ + ssize_t + i; + ++ if (HeapOverflowSanityCheckGetSize(height,sizeof(**weights),&count) != MagickFalse) ++ return((double **) NULL); + weights=(double **) AcquireQuantumMemory(number_threads+1,sizeof(*weights)); + if (weights == (double **) NULL) + return((double **) NULL); +- (void) memset(weights,0,number_threads*sizeof(*weights)); ++ (void) memset(weights,0,(number_threads+1)*sizeof(*weights)); + for (i=0; i <= (ssize_t) number_threads; i++) + { +- weights[i]=(double *) AcquireQuantumMemory(width,height*sizeof(**weights)); ++ weights[i]=(double *) AcquireQuantumMemory(width,count); + if (weights[i] == (double *) NULL) + return(DestroyBilateralTLS(number_threads,weights)); + } diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index 99632967c2..94b2df10a2 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb 
@@ -25,6 +25,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2025-57807.patch \ file://CVE-2025-62171.patch \ file://CVE-2025-65955.patch \ + file://CVE-2026-22770.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
From patchwork Tue Feb 17 09:00:17 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bhabu Bindu X-Patchwork-Id: 81187
From: Bhabu Bindu X-Google-Original-From: Bhabu Bindu To: openembedded-devel@lists.openembedded.org, bhabu.bindu@kpit.com Subject: [meta-oe][scartgap][PATCH 2/4] imagemagick: Fix CVE-2026-23874 Date: Tue, 17 Feb 2026 14:30:17 +0530 Message-Id: <20260217090019.1076725-2-bhabu.bindu@kpit.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260217090019.1076725-1-bhabu.bindu@kpit.com> References: <20260217090019.1076725-1-bhabu.bindu@kpit.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 17 Feb 2026 09:01:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124442 Fix CVE-2026-23874 with patch provided by Debian from fixed version. Link: https://security-tracker.debian.org/tracker/CVE-2026-23874 Signed-off-by: Bhabu Bindu --- .../imagemagick/CVE-2026-23874.patch | 40 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 41 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-23874.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-23874.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-23874.patch new file mode 100644 index 0000000000..59fa8354e2 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-23874.patch 
@@ -0,0 +1,40 @@ +From 2a09644b10a5b146e0a7c63b778bd74a112ebec3 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Thu, 15 Jan 2026 17:50:19 -0500 +Subject: [PATCH] MSL: Stack overflow via infinite recursion in + ProcessMSLScript + +CVE: CVE-2026-23874 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/2a09644b10a5b146e0a7c63b778bd74a112ebec3] +Signed-off-by: Bhabu Bindu +--- + coders/msl.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/coders/msl.c b/coders/msl.c +index 5b182b5922f..53e3a95d14b 100644 +--- a/coders/msl.c ++++ b/coders/msl.c +@@ -7041,9 +7041,19 @@ static void MSLStartElement(void *context,const xmlChar *tag, + + /* process */ + { +- *msl_info->image_info[n]->magick='\0'; +- (void) WriteImage(msl_info->image_info[n], msl_info->image[n], +- msl_info->exception); ++ (void) CopyMagickString(msl_info->image_info[n]->filename, ++ msl_info->image[n]->filename,MagickPathExtent); ++ (void) SetImageInfo(msl_info->image_info[n],1,exception); ++ if (LocaleCompare(msl_info->image_info[n]->magick,"msl") != 0) ++ { ++ *msl_info->image_info[n]->magick='\0'; ++ (void) WriteImage(msl_info->image_info[n],msl_info->image[n], ++ msl_info->exception); ++ } ++ else ++ (void) ThrowMagickException(msl_info->exception,GetMagickModule(), ++ FileOpenError,"UnableToWriteFile","`%s'", ++ msl_info->image[n]->filename); + break; + } + } diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index 94b2df10a2..0a1d34e313 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb 
@@ -26,6 +26,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2025-62171.patch \ file://CVE-2025-65955.patch \ file://CVE-2026-22770.patch \ + file://CVE-2026-23874.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
From patchwork Tue Feb 17 09:00:18 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bhabu Bindu X-Patchwork-Id: 81189
From: Bhabu Bindu X-Google-Original-From: Bhabu Bindu To: openembedded-devel@lists.openembedded.org, bhabu.bindu@kpit.com Subject: [meta-oe][scartgap][PATCH 3/4] imagemagick: Fix CVE-2026-23876 Date: Tue, 17 Feb 2026 14:30:18 +0530 Message-Id: <20260217090019.1076725-3-bhabu.bindu@kpit.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260217090019.1076725-1-bhabu.bindu@kpit.com> References: <20260217090019.1076725-1-bhabu.bindu@kpit.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 17 Feb 2026 09:01:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124443 Fix CVE-2026-23876 with patch provided by NVD advisory. Link: https://nvd.nist.gov/vuln/detail/CVE-2026-23876 Signed-off-by: Bhabu Bindu --- .../imagemagick/CVE-2026-23876.patch | 67 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 68 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-23876.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-23876.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-23876.patch new file mode 100644 index 0000000000..d25038e513 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-23876.patch 
@@ -0,0 +1,67 @@ +From 2fae24192b78fdfdd27d766fd21d90aeac6ea8b8 Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Sun, 18 Jan 2026 17:54:12 +0100 +Subject: [PATCH] Added overflow checks to prevent an out of bounds write + (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8) + +CVE: CVE-2026-23876 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8] +Signed-off-by: Bhabu Bindu +--- + coders/xbm.c | 18 ++++++++++-------- + 1 file changed, 10 insertions(+), 8 deletions(-) + +diff --git a/coders/xbm.c b/coders/xbm.c +index a7a798ea168..d6cd5780d44 100644 +--- a/coders/xbm.c ++++ b/coders/xbm.c +@@ -197,6 +197,10 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception) + short int + hex_digits[256]; + ++ size_t ++ bytes_per_line, ++ length; ++ + ssize_t + i, + x, +@@ -209,8 +213,6 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception) + unsigned int + bit, + byte, +- bytes_per_line, +- length, + padding, + version; + +@@ -345,15 +347,15 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception) + if (((image->columns % 16) != 0) && ((image->columns % 16) < 9) && + (version == 10)) + padding=1; +- bytes_per_line=(unsigned int) (image->columns+7)/8+padding; +- length=(unsigned int) image->rows; +- data=(unsigned char *) AcquireQuantumMemory(length,bytes_per_line* +- sizeof(*data)); ++ bytes_per_line=(image->columns+7)/8+padding; ++ if (HeapOverflowSanityCheckGetSize(bytes_per_line,image->rows,&length) != MagickFalse) ++ ThrowReaderException(CorruptImageError,"ImproperImageHeader"); ++ data=(unsigned char *) AcquireQuantumMemory(length,sizeof(*data)); + if (data == (unsigned char *) NULL) + ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); + p=data; + if (version == 10) +- for (i=0; i < (ssize_t) (bytes_per_line*image->rows); (i+=2)) ++ for (i=0; i < (ssize_t) length; i+=2) + { 
+ c=XBMInteger(image,hex_digits); + if (c < 0) +@@ -366,7 +368,7 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception) + *p++=(unsigned char) (c >> 8); + } + else +- for (i=0; i < (ssize_t) (bytes_per_line*image->rows); i++) ++ for (i=0; i < (ssize_t) length; i++) + { + c=XBMInteger(image,hex_digits); + if (c < 0) diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index 0a1d34e313..abad1fe5d1 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb 
@@ -27,6 +27,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2025-65955.patch \ file://CVE-2026-22770.patch \ file://CVE-2026-23874.patch \ + file://CVE-2026-23876.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
From patchwork Tue Feb 17 09:00:19 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bhabu Bindu X-Patchwork-Id: 81190
From: Bhabu Bindu X-Google-Original-From: Bhabu Bindu To: openembedded-devel@lists.openembedded.org, bhabu.bindu@kpit.com Subject: [meta-oe][scartgap][PATCH 4/4] imagemagick: Fix CVE-2026-23952 Date: Tue, 17 Feb 2026 14:30:19 +0530 Message-Id: <20260217090019.1076725-4-bhabu.bindu@kpit.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260217090019.1076725-1-bhabu.bindu@kpit.com> References: <20260217090019.1076725-1-bhabu.bindu@kpit.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 17 Feb 2026 09:01:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124444 Fix CVE-2026-23952 with patch provided by Debian from fixed version. Link: https://security-tracker.debian.org/tracker/CVE-2026-23952 Signed-off-by: Bhabu Bindu --- .../imagemagick/CVE-2026-23952.patch | 57 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 58 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-23952.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-23952.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-23952.patch new file mode 100644 index 0000000000..d8eb44b44d --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-23952.patch 
@@ -0,0 +1,57 @@ +From 1eefab41bc0ab1c6c2c1fd3e4a49e3ee1849751d Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Thu, 15 Jan 2026 17:34:46 -0500 +Subject: [PATCH] + https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8 + +CVE: CVE-2026-23952 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/1eefab41bc0ab1c6c2c1fd3e4a49e3ee1849751d] +Signed-off-by: Bhabu Bindu +--- + PerlMagick/quantum/quantum.pm | 2 +- + coders/msl.c | 12 ++++++++++++ + 2 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/PerlMagick/quantum/quantum.pm b/PerlMagick/quantum/quantum.pm +index 1dd5921fa8e..74cc8168f37 100644 +--- a/PerlMagick/quantum/quantum.pm ++++ b/PerlMagick/quantum/quantum.pm +@@ -6,7 +6,7 @@ package Image::Magick::Q16HDRI; + # You may not use this file except in compliance with the License. You may + # obtain a copy of the License at + # +-# https://imagemagick.org/script/license.php ++# https://imagemagick.org/license/ + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, +diff --git a/coders/msl.c b/coders/msl.c +index fa29764563b..5b182b5922f 100644 +--- a/coders/msl.c ++++ b/coders/msl.c +@@ -7088,6 +7088,12 @@ static void MSLEndElement(void *context,const xmlChar *tag) + { + if (LocaleCompare((const char *) tag,"comment") == 0 ) + { ++ if (msl_info->image[n] == (Image *) NULL) ++ { ++ ThrowMSLException(OptionError,"NoImagesDefined", ++ (const char *) tag); ++ break; ++ } + (void) DeleteImageProperty(msl_info->image[n],"comment"); + if (msl_info->content == (char *) NULL) + break; +@@ -7137,6 +7143,12 @@ static void MSLEndElement(void *context,const xmlChar *tag) + { + if (LocaleCompare((const char *) tag,"label") == 0 ) + { ++ if (msl_info->image[n] == (Image *) NULL) ++ { ++ ThrowMSLException(OptionError,"NoImagesDefined", ++ (const char *) tag); ++ break; ++ } + (void) DeleteImageProperty(msl_info->image[n],"label"); 
+ if (msl_info->content == (char *) NULL) + break; diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index abad1fe5d1..3917eed92e 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb @@ -28,6 +28,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2026-22770.patch \ file://CVE-2026-23874.patch \ file://CVE-2026-23876.patch \ + file://CVE-2026-23952.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
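Review bot: in CVE-2026-22770.patch (patch 1/4, MagickCore/effect.c, AcquireBilateralTLS) the added early return calls HeapOverflowSanityCheckGetSize(height,sizeof(**weights),&count), a helper this backport uses but does not add. Please confirm that MagickCore at the pinned SRCREV 82572afc879b439cbf8c9c6f3a9ac7626adf98fb already declares it with this three-argument form; if it does not, the patch still applies cleanly and the build only fails later, at compile time. The memset change to (number_threads+1)*sizeof(*weights) matches both the allocation size and the `i <= (ssize_t) number_threads` loop, which matters because the error path hands the partially filled array to DestroyBilateralTLS.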
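Review bot: in CVE-2026-23874.patch (patch 2/4, coders/msl.c, MSLStartElement) the added SetImageInfo(msl_info->image_info[n],1,exception) reports into `exception`, while the WriteImage and ThrowMagickException calls next to it use msl_info->exception. Please confirm that a local `exception` is in scope at this point in the 7.1.1 tree the recipe builds, and consider whether a SetImageInfo failure should be surfaced: its return value is discarded with (void), and the LocaleCompare against "msl" then runs on whatever image_info[n]->magick holds.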
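Review bot: in CVE-2026-23876.patch (patch 3/4, coders/xbm.c, ReadXBMImage) `length` changes meaning as well as type: it was the row count (length=(unsigned int) image->rows) and becomes the total byte count written by HeapOverflowSanityCheckGetSize(bytes_per_line,image->rows,&length). The hunks update the allocation and both read loops to match; please check that no other use of `length` or `bytes_per_line` in the 7.1.1 version of this function still assumes the old row-count meaning or the unsigned int type, since only the lines shown here are touched.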
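Review bot: CVE-2026-23952.patch (patch 4/4) carries a PerlMagick/quantum/quantum.pm hunk that only changes the license URL in a comment and is unrelated to the NULL checks added to MSLEndElement in coders/msl.c. If that comment line does not match the file at the pinned SRCREV, the whole patch fails to apply, so consider dropping that hunk from the backport and noting the change in the patch header.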
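Review bot: the final SRC_URI hunk lists CVE-2026-23874.patch before CVE-2026-23952.patch, but the coders/msl.c index lines show the opposite upstream order: CVE-2026-23952.patch goes fa29764563b..5b182b5922f and CVE-2026-23874.patch starts from 5b182b5922f. Applied as listed, the @@ -7088 and @@ -7137 hunks land below the net ten lines that CVE-2026-23874.patch adds at 7041 and apply only by offset; listing CVE-2026-23952.patch first keeps the two in upstream order.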