From patchwork Fri Mar 6 15:05:52 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 82702
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][whinlatter][PATCH 01/11] imagemagick: patch CVE-2026-24481 Date: Fri, 6 Mar 2026 16:05:52 +0100 Message-ID: <20260306150602.616834-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Mar 2026 15:06:09 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124905 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24481 Backport the patch that references the related Github advisory[1] in its description explicitly. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36 Signed-off-by: Gyorgy Sarvari --- .../imagemagick/CVE-2026-24481.patch | 25 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.2-13.bb | 3 ++- 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24481.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24481.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24481.patch new file mode 100644 index 0000000000..3d35a3f1d6 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24481.patch 
@@ -0,0 +1,25 @@ +From 6778a890f95971c61a16593abc2cd15376d22cdd Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Fri, 23 Jan 2026 13:19:06 +0100 +Subject: [PATCH] Initialize the pixels with empty values to prevent possible + heap information disclosure (GHSA-96pc-27rx-pr36) + +CVE: CVE-2026-24481 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/51c9d33f4770cdcfa1a029199375d570af801c97] +Signed-off-by: Gyorgy Sarvari +--- + coders/psd.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/coders/psd.c b/coders/psd.c +index 28495c6d5..bb4ceecd6 100644 +--- a/coders/psd.c ++++ b/coders/psd.c +@@ -1334,6 +1334,7 @@ static MagickBooleanType ReadPSDChannelZip(Image *image, + ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed", + image->filename); + } ++ memset(pixels,0,count*sizeof(*pixels)); + if (ReadBlob(image,compact_size,compact_pixels) != (ssize_t) compact_size) + { + pixels=(unsigned char *) RelinquishMagickMemory(pixels); diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb index e3f4a96d6f..adf65880b6 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb 
@@ -15,7 +15,8 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P([0-9][\.|_|-]?)+)" SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https;tag=${PV} \ file://run-ptest \ file://imagemagick-ptest.sh \ -" + file://CVE-2026-24481.patch \ + " SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e"
From patchwork Fri Mar 6 15:05:53 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 82703
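Review bot: In PATCH 01/11 (CVE-2026-24481.patch), the added `memset(pixels,0,count*sizeof(*pixels));` in ReadPSDChannelZip has to cover exactly the buffer that was allocated, but the context lines above it show only the MemoryAllocationFailed throw, not the allocation call. Please confirm against coders/psd.c at the pinned SRCREV that `pixels` is allocated with `count` elements, so the zero-fill neither leaves a tail uninitialized nor writes past the end. Placing it before `ReadBlob(image,compact_size,compact_pixels)` means the buffer is zeroed on every path that continues past the allocation check, which matches the stated goal of the fix.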
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][whinlatter][PATCH 02/11] imagemagick: patch CVE-2026-24484 Date: Fri, 6 Mar 2026 16:05:53 +0100 Message-ID: <20260306150602.616834-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260306150602.616834-1-skandigraun@gmail.com> References: <20260306150602.616834-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Mar 2026 15:06:09 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124906 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24484 Backport the commit referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../imagemagick/CVE-2026-24484.patch | 27 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.2-13.bb | 1 + 2 files changed, 28 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24484.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24484.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24484.patch new file mode 100644 index 0000000000..b3e094f7c2 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24484.patch 
@@ -0,0 +1,27 @@ +From fd210bafa27b174f3054e7ec6da4c8cadbd75565 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Fri, 23 Jan 2026 20:27:02 -0500 +Subject: [PATCH] + https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wg3g-gvx5-2pmv + +CVE: CVE-2026-24484 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/0349df6d43d633bd61bb582d1e1e87d6332de32a] +Signed-off-by: Gyorgy Sarvari +--- + coders/svg.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/coders/svg.c b/coders/svg.c +index f18f86460..2f8a27ebc 100644 +--- a/coders/svg.c ++++ b/coders/svg.c +@@ -4235,6 +4235,9 @@ static MagickBooleanType WriteSVGImage(const ImageInfo *image_info,Image *image, + if (LocaleCompare("graphic-context",token) == 0) + { + n++; ++ if (n == MagickMaxRecursionDepth) ++ ThrowWriterException(DrawError, ++ "VectorGraphicsNestedTooDeeply"); + if (active) + { + AffineToTransform(image,&affine); diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb index adf65880b6..991b2e363d 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb 
@@ -16,6 +16,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://run-ptest \ file://imagemagick-ptest.sh \ file://CVE-2026-24481.patch \ + file://CVE-2026-24484.patch \ " SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e"
From patchwork Fri Mar 6 15:05:54 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 82705
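Review bot: In PATCH 02/11 (CVE-2026-24484.patch), the new depth check in WriteSVGImage compares with `==` (`if (n == MagickMaxRecursionDepth)`), which fires only if `n` passes through that exact value. It does here because the check directly follows `n++`, but `n >= MagickMaxRecursionDepth` would stay correct if `n` were ever adjusted elsewhere; that is worth raising upstream rather than diverging in the backport. Separately, the embedded patch's Subject is only the advisory URL, so a one-line description of the fix (a nesting limit for `graphic-context` in the SVG writer) in the patch header would help anyone auditing the recipe later.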
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][whinlatter][PATCH 03/11] imagemagick: patch CVE-2026-24485 Date: Fri, 6 Mar 2026 16:05:54 +0100 Message-ID: <20260306150602.616834-3-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260306150602.616834-1-skandigraun@gmail.com> References: <20260306150602.616834-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Mar 2026 15:06:09 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124907 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24485 Backport the patch that is referenced by the NVD advisory. Note that the backport is much shorter than the upstream version, only the macro change from the top was backported. There are two reasons for this: 1. The omitted part fails to apply to this version. 2. The omitted part also doesn't introduce any changes. In one part it only shuffles around variable names: it consolidates variable declarations to avoid duplication, without any logic change, and in the other part it introduces a new dedicated "extent" variable to store memory size (instead of "size" variable), but that is also just cosmetics, and introduces no change in the code. The actual fix is in the macro change, which is in this patch. Signed-off-by: Gyorgy Sarvari --- .../imagemagick/CVE-2026-24485.patch | 45 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.2-13.bb | 1 + 2 files changed, 46 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24485.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24485.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24485.patch new file mode 100644 index 0000000000..7196aaeb4d --- /dev/null 
+++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24485.patch @@ -0,0 +1,45 @@ +From 8b1f339454f9896e518f4c20482e150a9eefb304 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Thu, 22 Jan 2026 19:25:35 -0500 +Subject: [PATCH] + https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85 + +CVE: CVE-2026-24485 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50] +Signed-off-by: Gyorgy Sarvari +--- + coders/pcd.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/coders/pcd.c b/coders/pcd.c +index db613504f..9477c75c0 100644 +--- a/coders/pcd.c ++++ b/coders/pcd.c +@@ -116,19 +116,26 @@ static MagickBooleanType DecodeImage(Image *image,unsigned char *luma, + #define IsSync(sum) ((sum & 0xffffff00UL) == 0xfffffe00UL) + #define PCDGetBits(n) \ + { \ ++ ssize_t \ ++ byte_count = 0x800; \ ++ \ + sum=(sum << n) & 0xffffffff; \ + bits-=n; \ + while (bits <= 24) \ + { \ + if (p >= (buffer+0x800)) \ + { \ +- (void) ReadBlob(image,0x800,buffer); \ ++ byte_count=ReadBlob(image,0x800,buffer); \ ++ if (byte_count != 0x800) \ ++ break; \ + p=buffer; \ + } \ + sum|=(((unsigned int) (*p)) << (24-bits)); \ + bits+=8; \ + p++; \ + } \ ++ if (byte_count != 0x800) \ ++ break; \ + } + + typedef struct PCDTable diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb index 991b2e363d..3e2d3ab344 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb 
@@ -17,6 +17,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://imagemagick-ptest.sh \ file://CVE-2026-24481.patch \ file://CVE-2026-24484.patch \ + file://CVE-2026-24485.patch \ " SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e"
From patchwork Fri Mar 6 15:05:55 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 82707
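Review bot: In PATCH 03/11 (CVE-2026-24485.patch), the second `if (byte_count != 0x800) break;` in PCDGetBits sits after the macro's own `while` loop, so it breaks out of whatever loop encloses each expansion of the macro rather than out of the macro itself. That is only correct if every PCDGetBits(n) use in this version of coders/pcd.c is directly inside a loop in DecodeImage, and not inside a `switch`, where `break` would leave the switch instead. Since the commit message says the rest of the upstream change was omitted because it fails to apply, please confirm the call sites at the pinned SRCREV match that assumption. Also note that `sum` and `bits` have already been updated (`sum=(sum << n)`, `bits-=n`) when the short read is detected, so the code after the enclosing loop should not rely on them.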
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][whinlatter][PATCH 04/11] imagemagick: patch CVE-2026-25576 Date: Fri, 6 Mar 2026 16:05:55 +0100 Message-ID: <20260306150602.616834-4-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260306150602.616834-1-skandigraun@gmail.com> References: <20260306150602.616834-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Mar 2026 15:06:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124908 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25576 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../imagemagick/CVE-2026-25576.patch | 604 ++++++++++++++++++ .../imagemagick/imagemagick_7.1.2-13.bb | 1 + 2 files changed, 605 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25576.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25576.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25576.patch new file mode 100644 index 0000000000..87003f503e --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25576.patch
@@ -0,0 +1,604 @@ +From 5b9798eeef019d2f9c6f120fbc173ffd872a7cf7 Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Sun, 25 Jan 2026 19:21:20 +0100 +Subject: [PATCH] Fixed out of bounds read in multiple coders that read raw + pixel data (GHSA-jv4p-gjwq-9r2j) + +CVE: CVE-2026-25576 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/077b42643212d7da8c1a4f6b2cd0067ebca8ec0f] +Signed-off-by: Gyorgy Sarvari +--- + coders/bgr.c | 22 ++++++++++++---------- + coders/cmyk.c | 26 ++++++++++++++------------ + coders/gray.c | 14 ++++++++------ + coders/raw.c | 4 +++- + coders/rgb.c | 26 +++++++++++++++----------- + coders/ycbcr.c | 22 ++++++++++++---------- + 6 files changed, 64 insertions(+), 50 deletions(-) + +diff --git a/coders/bgr.c b/coders/bgr.c +index 822653543..4b4939054 100644 +--- a/coders/bgr.c ++++ b/coders/bgr.c +@@ -125,6 +125,7 @@ static Image *ReadBGRImage(const ImageInfo *image_info,ExceptionInfo *exception) + length; + + ssize_t ++ columns, + count, + y; + +@@ -203,6 +204,7 @@ static Image *ReadBGRImage(const ImageInfo *image_info,ExceptionInfo *exception) + scene=0; + status=MagickTrue; + stream=NULL; ++ columns=(ssize_t) MagickMin(image->columns,canvas_image->columns); + do + { + /* +@@ -264,7 +266,7 @@ static Image *ReadBGRImage(const ImageInfo *image_info,ExceptionInfo *exception) + if ((p == (const Quantum *) NULL) || + (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelRed(image,GetPixelRed(canvas_image,p),q); + SetPixelGreen(image,GetPixelGreen(canvas_image,p),q); +@@ -347,7 +349,7 @@ static Image *ReadBGRImage(const ImageInfo *image_info,ExceptionInfo *exception) + if ((p == (const Quantum *) NULL) || + (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + switch (quantum_type) + { +@@ -443,7 +445,7 @@ static Image *ReadBGRImage(const ImageInfo *image_info,ExceptionInfo *exception) + 
if ((p == (const Quantum *) NULL) || + (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelRed(image,GetPixelRed(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -496,7 +498,7 @@ static Image *ReadBGRImage(const ImageInfo *image_info,ExceptionInfo *exception) + if ((p == (const Quantum *) NULL) || + (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelGreen(image,GetPixelGreen(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -549,7 +551,7 @@ static Image *ReadBGRImage(const ImageInfo *image_info,ExceptionInfo *exception) + if ((p == (const Quantum *) NULL) || + (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelBlue(image,GetPixelBlue(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -611,7 +613,7 @@ static Image *ReadBGRImage(const ImageInfo *image_info,ExceptionInfo *exception) + if ((p == (const Quantum *) NULL) || + (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelAlpha(image,GetPixelAlpha(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -702,7 +704,7 @@ static Image *ReadBGRImage(const ImageInfo *image_info,ExceptionInfo *exception) + if ((p == (const Quantum *) NULL) || + (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelRed(image,GetPixelRed(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -774,7 +776,7 @@ static Image *ReadBGRImage(const ImageInfo *image_info,ExceptionInfo *exception) + if ((p == (const Quantum *) NULL) || + (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + 
SetPixelGreen(image,GetPixelGreen(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -846,7 +848,7 @@ static Image *ReadBGRImage(const ImageInfo *image_info,ExceptionInfo *exception) + if ((p == (const Quantum *) NULL) || + (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelBlue(image,GetPixelBlue(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -920,7 +922,7 @@ static Image *ReadBGRImage(const ImageInfo *image_info,ExceptionInfo *exception) + if ((p == (const Quantum *) NULL) || + (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelAlpha(image,GetPixelAlpha(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +diff --git a/coders/cmyk.c b/coders/cmyk.c +index 03f193ef4..3929bad95 100644 +--- a/coders/cmyk.c ++++ b/coders/cmyk.c +@@ -125,6 +125,7 @@ static Image *ReadCMYKImage(const ImageInfo *image_info, + length; + + ssize_t ++ columns, + count, + y; + +@@ -202,6 +203,7 @@ static Image *ReadCMYKImage(const ImageInfo *image_info, + scene=0; + status=MagickTrue; + stream=NULL; ++ columns=(ssize_t) MagickMin(image->columns,canvas_image->columns); + do + { + /* +@@ -264,7 +266,7 @@ static Image *ReadCMYKImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelRed(image,GetPixelRed(canvas_image,p),q); + SetPixelGreen(image,GetPixelGreen(canvas_image,p),q); +@@ -348,7 +350,7 @@ static Image *ReadCMYKImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + switch (quantum_type) + { +@@ -443,7 +445,7 @@ static Image 
*ReadCMYKImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelRed(image,GetPixelRed(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -495,7 +497,7 @@ static Image *ReadCMYKImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelGreen(image,GetPixelGreen(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -547,7 +549,7 @@ static Image *ReadCMYKImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelBlue(image,GetPixelBlue(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -599,7 +601,7 @@ static Image *ReadCMYKImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelBlack(image,GetPixelBlack(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -654,7 +656,7 @@ static Image *ReadCMYKImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelAlpha(image,GetPixelAlpha(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -744,7 +746,7 @@ static Image *ReadCMYKImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for 
(x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelRed(image,GetPixelRed(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -815,7 +817,7 @@ static Image *ReadCMYKImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelGreen(image,GetPixelGreen(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -887,7 +889,7 @@ static Image *ReadCMYKImage(const ImageInfo *image_info, + if ((p == (const Quantum *) NULL) || + (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelBlue(image,GetPixelBlue(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -959,7 +961,7 @@ static Image *ReadCMYKImage(const ImageInfo *image_info, + if ((p == (const Quantum *) NULL) || + (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelBlack(image,GetPixelBlack(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -1033,7 +1035,7 @@ static Image *ReadCMYKImage(const ImageInfo *image_info, + if ((p == (const Quantum *) NULL) || + (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelAlpha(image,GetPixelAlpha(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +diff --git a/coders/gray.c b/coders/gray.c +index 14bdaf034..fc06b77f2 100644 +--- a/coders/gray.c ++++ b/coders/gray.c +@@ -126,6 +126,7 @@ static Image *ReadGRAYImage(const ImageInfo *image_info, + length; + + ssize_t ++ columns, + count, + y; + +@@ -203,6 +204,7 @@ static Image *ReadGRAYImage(const ImageInfo *image_info, + scene=0; + status=MagickTrue; + stream=NULL; ++ columns=(ssize_t) 
MagickMin(image->columns,canvas_image->columns); + do + { + /* +@@ -263,7 +265,7 @@ static Image *ReadGRAYImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelRed(image,GetPixelRed(canvas_image,p),q); + SetPixelGreen(image,GetPixelGreen(canvas_image,p),q); +@@ -343,7 +345,7 @@ static Image *ReadGRAYImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + switch (quantum_type) + { +@@ -423,7 +425,7 @@ static Image *ReadGRAYImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelGray(image,GetPixelGray(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -478,7 +480,7 @@ static Image *ReadGRAYImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelAlpha(image,GetPixelAlpha(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -568,7 +570,7 @@ static Image *ReadGRAYImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelRed(image,GetPixelRed(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -642,7 +644,7 @@ static Image *ReadGRAYImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) 
NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelAlpha(image,GetPixelAlpha(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +diff --git a/coders/raw.c b/coders/raw.c +index c7abd8798..ec3f6fb4b 100644 +--- a/coders/raw.c ++++ b/coders/raw.c +@@ -119,6 +119,7 @@ static Image *ReadRAWImage(const ImageInfo *image_info,ExceptionInfo *exception) + length; + + ssize_t ++ columns, + count, + y; + +@@ -187,6 +188,7 @@ static Image *ReadRAWImage(const ImageInfo *image_info,ExceptionInfo *exception) + length=0; + status=MagickTrue; + stream=NULL; ++ columns=(ssize_t) MagickMin(image->columns,canvas_image->columns); + do + { + /* +@@ -239,7 +241,7 @@ static Image *ReadRAWImage(const ImageInfo *image_info,ExceptionInfo *exception) + 1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelRed(image,GetPixelRed(canvas_image,p),q); + SetPixelGreen(image,GetPixelGreen(canvas_image,p),q); +diff --git a/coders/rgb.c b/coders/rgb.c +index 80b0f2d0f..a0c95fa2e 100644 +--- a/coders/rgb.c ++++ b/coders/rgb.c +@@ -126,6 +126,7 @@ static Image *ReadRGBImage(const ImageInfo *image_info,ExceptionInfo *exception) + + ssize_t + count, ++ columns, + y; + + unsigned char +@@ -206,6 +207,7 @@ static Image *ReadRGBImage(const ImageInfo *image_info,ExceptionInfo *exception) + scene=0; + status=MagickTrue; + stream=NULL; ++ columns=(ssize_t) MagickMin(image->columns,canvas_image->columns); + do + { + /* +@@ -266,7 +268,7 @@ static Image *ReadRGBImage(const ImageInfo *image_info,ExceptionInfo *exception) + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelRed(image,GetPixelRed(canvas_image,p),q); + SetPixelGreen(image,GetPixelGreen(canvas_image,p),q); +@@ 
-350,7 +352,7 @@ static Image *ReadRGBImage(const ImageInfo *image_info,ExceptionInfo *exception) + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + switch (quantum_type) + { +@@ -445,7 +447,7 @@ static Image *ReadRGBImage(const ImageInfo *image_info,ExceptionInfo *exception) + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelRed(image,GetPixelRed(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -497,7 +499,7 @@ static Image *ReadRGBImage(const ImageInfo *image_info,ExceptionInfo *exception) + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelGreen(image,GetPixelGreen(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -549,7 +551,7 @@ static Image *ReadRGBImage(const ImageInfo *image_info,ExceptionInfo *exception) + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelBlue(image,GetPixelBlue(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -603,7 +605,7 @@ static Image *ReadRGBImage(const ImageInfo *image_info,ExceptionInfo *exception) + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelAlpha(image,GetPixelAlpha(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -693,7 +695,7 @@ static Image *ReadRGBImage(const ImageInfo *image_info,ExceptionInfo *exception) + 
image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelRed(image,GetPixelRed(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -764,7 +766,7 @@ static Image *ReadRGBImage(const ImageInfo *image_info,ExceptionInfo *exception) + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelGreen(image,GetPixelGreen(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -835,7 +837,7 @@ static Image *ReadRGBImage(const ImageInfo *image_info,ExceptionInfo *exception) + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelBlue(image,GetPixelBlue(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -908,7 +910,7 @@ static Image *ReadRGBImage(const ImageInfo *image_info,ExceptionInfo *exception) + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelAlpha(image,GetPixelAlpha(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -1025,6 +1027,7 @@ static Image *ReadRGB565Image(const ImageInfo *image_info, + length; + + ssize_t ++ columns, + count, + y; + +@@ -1097,6 +1100,7 @@ static Image *ReadRGB565Image(const ImageInfo *image_info, + scene=0; + status=MagickTrue; + stream=NULL; ++ columns=(ssize_t) MagickMin(image->columns,canvas_image->columns); + do + { + /* +@@ -1150,7 +1154,7 @@ static Image *ReadRGB565Image(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- 
for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + unsigned short + pixel; +diff --git a/coders/ycbcr.c b/coders/ycbcr.c +index 00caf73a3..7f5cee14d 100644 +--- a/coders/ycbcr.c ++++ b/coders/ycbcr.c +@@ -125,6 +125,7 @@ static Image *ReadYCBCRImage(const ImageInfo *image_info, + length; + + ssize_t ++ columns, + count, + y; + +@@ -202,6 +203,7 @@ static Image *ReadYCBCRImage(const ImageInfo *image_info, + scene=0; + status=MagickTrue; + stream=NULL; ++ columns=(ssize_t) MagickMin(image->columns,canvas_image->columns); + do + { + /* +@@ -264,7 +266,7 @@ static Image *ReadYCBCRImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelRed(image,GetPixelRed(canvas_image,p),q); + SetPixelGreen(image,GetPixelGreen(canvas_image,p),q); +@@ -346,7 +348,7 @@ static Image *ReadYCBCRImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + switch (quantum_type) + { +@@ -436,7 +438,7 @@ static Image *ReadYCBCRImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelRed(image,GetPixelRed(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -488,7 +490,7 @@ static Image *ReadYCBCRImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelGreen(image,GetPixelGreen(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -540,7 +542,7 @@ 
static Image *ReadYCBCRImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelBlue(image,GetPixelBlue(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -594,7 +596,7 @@ static Image *ReadYCBCRImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelAlpha(image,GetPixelAlpha(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -684,7 +686,7 @@ static Image *ReadYCBCRImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelRed(image,GetPixelRed(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -755,7 +757,7 @@ static Image *ReadYCBCRImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelGreen(image,GetPixelGreen(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -826,7 +828,7 @@ static Image *ReadYCBCRImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) + break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelBlue(image,GetPixelBlue(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); +@@ -900,7 +902,7 @@ static Image *ReadYCBCRImage(const ImageInfo *image_info, + image->columns,1,exception); + if ((p == (const Quantum *) NULL) || (q == (Quantum *) NULL)) 
+ break; +- for (x=0; x < (ssize_t) image->columns; x++) ++ for (x=0; x < columns; x++) + { + SetPixelAlpha(image,GetPixelAlpha(canvas_image,p),q); + p+=(ptrdiff_t) GetPixelChannels(canvas_image); diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb index 3e2d3ab344..6e0b42cd2a 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb 
@@ -18,6 +18,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2026-24481.patch \ file://CVE-2026-24484.patch \ file://CVE-2026-24485.patch \ + file://CVE-2026-25576.patch \ " SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e"
From patchwork Fri Mar 6 15:05:56 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 82704
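Review bot: in the CVE-2026-25576 patch, ReadGRAYImage, ReadRAWImage, ReadRGBImage, ReadRGB565Image and ReadYCBCRImage compute the clamp `columns=(ssize_t) MagickMin(image->columns,canvas_image->columns);` once, before the `do` loop, and every copy loop then reuses it, while the context line above each loop still ends in `image->columns,1,exception);`. Please confirm that neither image->columns nor canvas_image->columns can change for a later scene inside that loop; if either can, the assignment belongs inside the loop body. Only the x bound is tightened by these hunks, so the row (y) bounds used together with canvas_image deserve the same comparison.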
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][whinlatter][PATCH 05/11] imagemagick: patch CVE-2026-25637
Date: Fri, 6 Mar 2026 16:05:56 +0100
Message-ID: <20260306150602.616834-5-skandigraun@gmail.com>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <20260306150602.616834-1-skandigraun@gmail.com>
References: <20260306150602.616834-1-skandigraun@gmail.com>
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124909

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25637

Backport the patch that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari
--- .../imagemagick/CVE-2026-25637.patch | 41 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.2-13.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25637.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25637.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25637.patch new file mode 100644 index 0000000000..030a833966 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25637.patch 
@@ -0,0 +1,41 @@ +From b5cf2b185d6b08eae82a401483623ab780dcfc25 Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Wed, 4 Feb 2026 17:19:53 +0100 +Subject: [PATCH] Fixed possible memory leak (GHSA-gm37-qx7w-p258) + +CVE: CVE-2026-25637 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/30ce0e8efbd72fd6b50ed3a10ae22f57c8901137] +Signed-off-by: Gyorgy Sarvari +--- + coders/ashlar.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/coders/ashlar.c b/coders/ashlar.c +index e94cd473d..a6c8c769c 100644 +--- a/coders/ashlar.c ++++ b/coders/ashlar.c +@@ -655,13 +655,13 @@ static Image *ASHLARImage(ImageInfo *image_info,Image *image, + *label, + offset[MagickPathExtent]; + +- DrawInfo +- *draw_info = CloneDrawInfo(image_info,(DrawInfo *) NULL); +- + label=InterpretImageProperties((ImageInfo *) image_info,tile_image, + value,exception); + if (label != (const char *) NULL) + { ++ DrawInfo ++ *draw_info = CloneDrawInfo(image_info,(DrawInfo *) NULL); ++ + (void) CloneString(&draw_info->text,label); + label=DestroyString(label); + (void) FormatLocaleString(offset,MagickPathExtent,"%+g%+g",(double) +@@ -669,6 +669,7 @@ static Image *ASHLARImage(ImageInfo *image_info,Image *image, + geometry.y/2.0+4); + (void) CloneString(&draw_info->geometry,offset); + status=AnnotateImage(ashlar_image,draw_info,exception); ++ draw_info=DestroyDrawInfo(draw_info); + } + } + #if defined(MAGICKCORE_OPENMP_SUPPORT) diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb index 6e0b42cd2a..362ce24e59 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb 
@@ -19,6 +19,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2026-24484.patch \ file://CVE-2026-24485.patch \ file://CVE-2026-25576.patch \ + file://CVE-2026-25637.patch \ " SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e"
From patchwork Fri Mar 6 15:05:57 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 82706
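Review bot: in the CVE-2026-25637 patch, the ASHLARImage hunk at -655,13 now clones draw_info inside the `if (label != (const char *) NULL)` block and the hunk at -669,6 releases it with `draw_info=DestroyDrawInfo(draw_info);` after AnnotateImage, so the pairing holds only while nothing leaves the block between those two lines. In the lines shown there is no early exit between them, which is what makes the fix complete; since the declaration moved into the inner block, a build of the recipe with the patch applied is the quick check that no other statement in the function still refers to draw_info.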
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][whinlatter][PATCH 06/11] imagemagick: patch CVE-2026-25638
Date: Fri, 6 Mar 2026 16:05:57 +0100
Message-ID: <20260306150602.616834-6-skandigraun@gmail.com>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <20260306150602.616834-1-skandigraun@gmail.com>
References: <20260306150602.616834-1-skandigraun@gmail.com>
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124910

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25638

Backport the patch that references the related GitHub advisory[1] in its commit message.

Just a few commits later upstream decided to slightly change the same line in a new commit[2] - this patch contains that change too. (Though functionally they seem to do the same in this case: the new version frees only one image, the original version was freeing an image list, by calling the function from the new version repeatedly).

[1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gxcx-qjqp-8vjw
[2]: https://github.com/ImageMagick/ImageMagick/commit/6a35526c7ce2b5dd690ded6c423b6eb6c0147967

Signed-off-by: Gyorgy Sarvari
--- .../imagemagick/CVE-2026-25638.patch | 26 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.2-13.bb | 1 + 2 files changed, 27 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25638.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25638.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25638.patch new file mode 100644 index 0000000000..df019d9f6b --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25638.patch 
@@ -0,0 +1,26 @@ +From 4a70293b882cd1bea92eab5eaa1951553109d636 Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Tue, 3 Feb 2026 22:06:12 +0100 +Subject: [PATCH] Fixed memory leak when writing MSL files + (GHSA-gxcx-qjqp-8vjw) + +CVE: CVE-2026-25638 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/1e88fca11c7b8517100d518bc99bd8c474f02f88 && +https://github.com/ImageMagick/ImageMagick/commit/6a35526c7ce2b5dd690ded6c423b6eb6c0147967] +Signed-off-by: Gyorgy Sarvari +--- + coders/msl.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/coders/msl.c b/coders/msl.c +index 53e3a95d1..bf764f0d5 100644 +--- a/coders/msl.c ++++ b/coders/msl.c +@@ -7887,6 +7887,7 @@ static MagickBooleanType WriteMSLImage(const ImageInfo *image_info,Image *image, + (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",image->filename); + msl_image=CloneImage(image,0,0,MagickTrue,exception); + status=ProcessMSLScript(image_info,&msl_image,exception); ++ msl_image=DestroyImage(msl_image); + return(status); + } + #endif diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb index 362ce24e59..4b5a7fbb14 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb 
@@ -20,6 +20,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2026-24485.patch \ file://CVE-2026-25576.patch \ file://CVE-2026-25637.patch \ + file://CVE-2026-25638.patch \ " SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e"
From patchwork Fri Mar 6 15:05:58 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 82708
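Review bot: in the CVE-2026-25638 patch, the WriteMSLImage hunk passes msl_image to `DestroyImage` unconditionally, but the lines shown check it for NULL neither after `CloneImage(image,0,0,MagickTrue,exception)` nor after `ProcessMSLScript(image_info,&msl_image,exception)`, and the latter receives the address of the pointer and can therefore replace it. Please confirm what msl_image can hold on return (NULL, a single image, or a list) and, if NULL is possible, guard the new line with a check such as `if (msl_image != (Image *) NULL)`. The cover text notes that upstream first freed an image list and then switched to freeing one image, so the list case is the one to verify for a residual leak.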
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][whinlatter][PATCH 07/11] imagemagick: patch CVE-2026-25794
Date: Fri, 6 Mar 2026 16:05:58 +0100
Message-ID: <20260306150602.616834-7-skandigraun@gmail.com>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <20260306150602.616834-1-skandigraun@gmail.com>
References: <20260306150602.616834-1-skandigraun@gmail.com>
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124911

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25794

Backport the patch that references the relevant GitHub advisory[1] in its commit message explicitly.

[1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h

Signed-off-by: Gyorgy Sarvari
--- .../imagemagick/CVE-2026-25794.patch | 54 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.2-13.bb | 1 + 2 files changed, 55 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25794.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25794.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25794.patch new file mode 100644 index 0000000000..8eb9f14d57 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25794.patch 
@@ -0,0 +1,54 @@ +From c4f271dbcbe543b3395f83a1b5416927500c2aa4 Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Fri, 6 Feb 2026 21:03:53 +0100 +Subject: [PATCH] Prevent out of bounds heap write in uhdr encoder + (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h) + +CVE: CVE-2026-25794 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/ffe589df5ff8ce1433daa4ccb0d2a9fadfbe30ed] +Signed-off-by: Gyorgy Sarvari +--- + coders/uhdr.c | 24 ++++++++++++++++-------- + 1 file changed, 16 insertions(+), 8 deletions(-) + +diff --git a/coders/uhdr.c b/coders/uhdr.c +index fc436595e..101d6a90f 100644 +--- a/coders/uhdr.c ++++ b/coders/uhdr.c +@@ -618,20 +618,28 @@ static MagickBooleanType WriteUHDRImage(const ImageInfo *image_info, + { + /* Classify image as hdr/sdr intent basing on depth */ + int +- bpp = image->depth >= hdrIntentMinDepth ? 2 : 1; +- +- int +- aligned_width = image->columns + (image->columns & 1); +- +- int +- aligned_height = image->rows + (image->rows & 1); ++ bpp; + + ssize_t +- picSize = aligned_width * aligned_height * bpp * 1.5 /* 2x2 sub-sampling */; ++ aligned_height, ++ aligned_width; ++ ++ size_t ++ picSize; + + void + *crBuffer = NULL, *cbBuffer = NULL, *yBuffer = NULL; + ++ if (((double) image->columns > sqrt(MAGICK_SSIZE_MAX/3.0)) || ++ ((double) image->rows > sqrt(MAGICK_SSIZE_MAX/3.0))) ++ { ++ (void) ThrowMagickException(exception,GetMagickModule(),ImageError, ++ "WidthOrHeightExceedsLimit","%s",image->filename); ++ goto next_image; ++ } ++ bpp = image->depth >= hdrIntentMinDepth ? 2 : 1; ++ aligned_width = image->columns + (image->columns & 1); ++ picSize = aligned_width * aligned_height * bpp * 1.5 /* 2x2 sub-sampling */; + if (IssRGBCompatibleColorspace(image->colorspace) && !IsGrayColorspace(image->colorspace)) + { + if (image->depth >= hdrIntentMinDepth && hdr_ct == UHDR_CT_LINEAR) 
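Review bot: In the coders/uhdr.c hunk, aligned_height is declared in the new `ssize_t aligned_height, aligned_width;` block but none of the added lines assigns it before `picSize = aligned_width * aligned_height * bpp * 1.5`. The removed `aligned_height = image->rows + (image->rows & 1);` has no `+` counterpart, while bpp and aligned_width are both re-assigned after the new dimension check. As the hunk stands, picSize is computed from an indeterminate value, which undermines the size calculation this patch is meant to make safe against an out-of-bounds heap write. Please compare with upstream commit ffe589df5ff8ce1433daa4ccb0d2a9fadfbe30ed; if the omission is present there too, add `aligned_height = image->rows + (image->rows & 1);` next to the aligned_width assignment before this is merged.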
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb index 4b5a7fbb14..ab73da952c 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb 
@@ -21,6 +21,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2026-25576.patch \ file://CVE-2026-25637.patch \ file://CVE-2026-25638.patch \ + file://CVE-2026-25794.patch \ " SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e"
From patchwork Fri Mar 6 15:05:59 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 82709
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][whinlatter][PATCH 08/11] imagemagick: patch CVE-2026-25795 Date: Fri, 6 Mar 2026 16:05:59 +0100 Message-ID: <20260306150602.616834-8-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260306150602.616834-1-skandigraun@gmail.com> References: <20260306150602.616834-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Mar 2026 15:06:20 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124912 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25795 Backport the commit that references the related Github advisory[1] explicitly in its commit message. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmm Signed-off-by: Gyorgy Sarvari --- .../imagemagick/CVE-2026-25795.patch | 28 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.2-13.bb | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25795.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25795.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25795.patch new file mode 100644 index 0000000000..8ff74a43a6 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25795.patch 
@@ -0,0 +1,28 @@ +From 1a9ce954971581375f746fda76c73fc94c0b5535 Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Fri, 6 Feb 2026 21:16:10 +0100 +Subject: [PATCH] Fixed NULL pointer dereference in ReadSFWImage + (GHSA-p33r-fqw2-rqmm) + +CVE: CVE-2026-25795 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/0c7d0b9671ae2616fca106dcada45536eb4df5dc] +Signed-off-by: Gyorgy Sarvari +--- + coders/sfw.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/coders/sfw.c b/coders/sfw.c +index f7ab1ef10..cc5fcedc6 100644 +--- a/coders/sfw.c ++++ b/coders/sfw.c +@@ -317,9 +317,9 @@ static Image *ReadSFWImage(const ImageInfo *image_info,ExceptionInfo *exception) + if ((unique_file == -1) || (file == (FILE *) NULL)) + { + buffer=(unsigned char *) RelinquishMagickMemory(buffer); +- read_info=DestroyImageInfo(read_info); + (void) CopyMagickString(image->filename,read_info->filename, + MagickPathExtent); ++ read_info=DestroyImageInfo(read_info); + ThrowFileException(exception,FileOpenError,"UnableToCreateTemporaryFile", + image->filename); + image=DestroyImageList(image); diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb index ab73da952c..8c1e8eb926 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb 
@@ -22,6 +22,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2026-25637.patch \ file://CVE-2026-25638.patch \ file://CVE-2026-25794.patch \ + file://CVE-2026-25795.patch \ " SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e"
From patchwork Fri Mar 6 15:06:00 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 82710
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][whinlatter][PATCH 09/11] imagemagick: patch CVE-2026-25796 Date: Fri, 6 Mar 2026 16:06:00 +0100 Message-ID: <20260306150602.616834-9-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260306150602.616834-1-skandigraun@gmail.com> References: <20260306150602.616834-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Mar 2026 15:06:20 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124913 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25796 Backport the patch that mentions the related Github advisory[1] in its commit message. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w Signed-off-by: Gyorgy Sarvari --- .../imagemagick/CVE-2026-25796.patch | 41 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.2-13.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25796.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25796.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25796.patch new file mode 100644 index 0000000000..aa77f22066 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25796.patch 
@@ -0,0 +1,41 @@ +From 0564895c393d0aa21578739ad3126a447a4beace Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Fri, 6 Feb 2026 21:10:47 +0100 +Subject: [PATCH] Prevent memory leak in early exits (GHSA-g2pr-qxjg-7r2w) + +CVE: CVE-2026-25796 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/93ad259ce4f6d641eea0bee73f374af90f35efc3] +Signed-off-by: Gyorgy Sarvari +--- + coders/stegano.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/coders/stegano.c b/coders/stegano.c +index 9f5eb6b80..b68d6ce6d 100644 +--- a/coders/stegano.c ++++ b/coders/stegano.c +@@ -150,15 +150,22 @@ static Image *ReadSTEGANOImage(const ImageInfo *image_info, + return(DestroyImage(image)); + watermark->depth=MAGICKCORE_QUANTUM_DEPTH; + if (AcquireImageColormap(image,MaxColormapSize,exception) == MagickFalse) +- ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); ++ { ++ watermark=DestroyImage(watermark); ++ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); ++ } + if (image_info->ping != MagickFalse) + { ++ watermark=DestroyImage(watermark); + (void) CloseBlob(image); + return(GetFirstImageInList(image)); + } + status=SetImageExtent(image,image->columns,image->rows,exception); + if (status == MagickFalse) +- return(DestroyImageList(image)); ++ { ++ watermark=DestroyImage(watermark); ++ return(DestroyImageList(image)); ++ } + for (y=0; y < (ssize_t) image->rows; y++) + { + q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb index 8c1e8eb926..bb1272d512 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb 
@@ -23,6 +23,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2026-25638.patch \ file://CVE-2026-25794.patch \ file://CVE-2026-25795.patch \ + file://CVE-2026-25796.patch \ " SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e"
From patchwork Fri Mar 6 15:06:01 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 82712
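Review bot: In the coders/stegano.c hunk of CVE-2026-25796.patch the same `watermark=DestroyImage(watermark);` cleanup is now repeated on three separate early exits (the AcquireImageColormap failure, the `image_info->ping` return and the SetImageExtent failure), so every exit added later has to remember it as well. A single cleanup path, or a short comment near the allocation stating that ReadSTEGANOImage owns watermark until it returns, would make that ownership explicit. The pixel loop and the final return are not visible in this hunk, so please confirm that the normal path and any exit inside the loop also release watermark.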
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][whinlatter][PATCH 10/11] imagemagick: patch CVE-2026-25797 Date: Fri, 6 Mar 2026 16:06:01 +0100 Message-ID: <20260306150602.616834-10-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260306150602.616834-1-skandigraun@gmail.com> References: <20260306150602.616834-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Mar 2026 15:06:20 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124914 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25797 Backport the patch that mentions the related Github advisory[1] in its commit message. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v Signed-off-by: Gyorgy Sarvari --- .../imagemagick/CVE-2026-25797.patch | 339 ++++++++++++++++++ .../imagemagick/imagemagick_7.1.2-13.bb | 1 + 2 files changed, 340 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25797.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25797.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25797.patch new file mode 100644 index 0000000000..aa88a81203 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25797.patch 
@@ -0,0 +1,339 @@ +From cd63a33f1ec263e27049cdfb9d1345e1a4bd564f Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Fri, 6 Feb 2026 21:28:50 +0100 +Subject: [PATCH] Prevent code injection via PostScript header + (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v) + +CVE: CVE-2026-25797 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/26088a83d71e9daa203d54a56fe3c31f3f85463d] +Signed-off-by: Gyorgy Sarvari +--- + coders/ps.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++- + coders/ps2.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++- + coders/ps3.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++- + 3 files changed, 243 insertions(+), 3 deletions(-) + +diff --git a/coders/ps.c b/coders/ps.c +index 66b08e8c7..d2ea34588 100644 +--- a/coders/ps.c ++++ b/coders/ps.c +@@ -1086,6 +1086,82 @@ static inline unsigned char *PopHexPixel(const char hex_digits[][3], + return(pixels); + } + ++static inline void FilenameToTitle(const char *filename,char *title, ++ const size_t extent) ++{ ++ int ++ depth = 0; ++ ++ ssize_t ++ i, ++ offset = 0; ++ ++ if (extent == 0) ++ return; ++ for (i=0; (filename[i] != '\0') && ((offset+1) < (ssize_t) extent); i++) ++ { ++ unsigned char ++ c = filename[i]; ++ ++ /* ++ Only allow printable ASCII. ++ */ ++ if ((c < 32) || (c > 126)) ++ { ++ title[offset++]='_'; ++ continue; ++ } ++ /* ++ Percent signs break DSC parsing. ++ */ ++ if (c == '%') ++ { ++ title[offset++]='_'; ++ continue; ++ } ++ /* ++ Parentheses must remain balanced. ++ */ ++ if (c == '(') ++ { ++ depth++; ++ title[offset++] = '('; ++ continue; ++ } ++ if (c == ')') ++ { ++ if (depth <= 0) ++ title[offset++]='_'; ++ else ++ { ++ depth--; ++ title[offset++]=')'; ++ } ++ continue; ++ } ++ /* ++ Everything else is allowed. ++ */ ++ title[offset++]=c; ++ } ++ /* ++ If parentheses remain unbalanced, close them. 
++ */ ++ while ((depth > 0) && ((offset+1) < (ssize_t) extent)) { ++ title[offset++]=')'; ++ depth--; ++ } ++ title[offset]='\0'; ++ /* ++ Ensure non-empty result. ++ */ ++ if (offset == 0) ++ { ++ (void) CopyMagickString(title,"Untitled",extent-1); ++ title[extent-1]='\0'; ++ } ++} ++ + static MagickBooleanType WritePSImage(const ImageInfo *image_info,Image *image, + ExceptionInfo *exception) + { +@@ -1554,6 +1630,9 @@ static MagickBooleanType WritePSImage(const ImageInfo *image_info,Image *image, + text_size=(size_t) (MultilineCensus(value)*pointsize+12); + if (page == 1) + { ++ char ++ title[MagickPathExtent]; ++ + /* + Output Postscript header. + */ +@@ -1564,8 +1643,9 @@ static MagickBooleanType WritePSImage(const ImageInfo *image_info,Image *image, + MagickPathExtent); + (void) WriteBlobString(image,buffer); + (void) WriteBlobString(image,"%%Creator: (ImageMagick)\n"); ++ FilenameToTitle(image->filename,title,MagickPathExtent); + (void) FormatLocaleString(buffer,MagickPathExtent,"%%%%Title: (%s)\n", +- image->filename); ++ title); + (void) WriteBlobString(image,buffer); + timer=GetMagickTime(); + (void) FormatMagickTime(timer,sizeof(date),date); +diff --git a/coders/ps2.c b/coders/ps2.c +index 82935dc8e..009129a98 100644 +--- a/coders/ps2.c ++++ b/coders/ps2.c +@@ -225,6 +225,82 @@ static MagickBooleanType Huffman2DEncodeImage(const ImageInfo *image_info, + return(status); + } + ++static inline void FilenameToTitle(const char *filename,char *title, ++ const size_t extent) ++{ ++ int ++ depth = 0; ++ ++ ssize_t ++ i, ++ offset = 0; ++ ++ if (extent == 0) ++ return; ++ for (i=0; (filename[i] != '\0') && ((offset+1) < (ssize_t) extent); i++) ++ { ++ unsigned char ++ c = filename[i]; ++ ++ /* ++ Only allow printable ASCII. ++ */ ++ if ((c < 32) || (c > 126)) ++ { ++ title[offset++]='_'; ++ continue; ++ } ++ /* ++ Percent signs break DSC parsing. ++ */ ++ if (c == '%') ++ { ++ title[offset++]='_'; ++ continue; ++ } ++ /* ++ Parentheses must remain balanced. 
++ */ ++ if (c == '(') ++ { ++ depth++; ++ title[offset++] = '('; ++ continue; ++ } ++ if (c == ')') ++ { ++ if (depth <= 0) ++ title[offset++]='_'; ++ else ++ { ++ depth--; ++ title[offset++]=')'; ++ } ++ continue; ++ } ++ /* ++ Everything else is allowed. ++ */ ++ title[offset++]=c; ++ } ++ /* ++ If parentheses remain unbalanced, close them. ++ */ ++ while ((depth > 0) && ((offset+1) < (ssize_t) extent)) { ++ title[offset++]=')'; ++ depth--; ++ } ++ title[offset]='\0'; ++ /* ++ Ensure non-empty result. ++ */ ++ if (offset == 0) ++ { ++ (void) CopyMagickString(title,"Untitled",extent-1); ++ title[extent-1]='\0'; ++ } ++} ++ + static MagickBooleanType WritePS2Image(const ImageInfo *image_info,Image *image, + ExceptionInfo *exception) + { +@@ -547,6 +623,9 @@ static MagickBooleanType WritePS2Image(const ImageInfo *image_info,Image *image, + text_size=(size_t) (MultilineCensus(value)*pointsize+12); + if (page == 1) + { ++ char ++ title[MagickPathExtent]; ++ + /* + Output Postscript header. 
+ */ +@@ -557,8 +636,9 @@ static MagickBooleanType WritePS2Image(const ImageInfo *image_info,Image *image, + MagickPathExtent); + (void) WriteBlobString(image,buffer); + (void) WriteBlobString(image,"%%Creator: (ImageMagick)\n"); ++ FilenameToTitle(image->filename,title,MagickPathExtent); + (void) FormatLocaleString(buffer,MagickPathExtent,"%%%%Title: (%s)\n", +- image->filename); ++ title); + (void) WriteBlobString(image,buffer); + timer=GetMagickTime(); + (void) FormatMagickTime(timer,sizeof(date),date); +diff --git a/coders/ps3.c b/coders/ps3.c +index 77ddf050b..2b02d49b5 100644 +--- a/coders/ps3.c ++++ b/coders/ps3.c +@@ -203,6 +203,82 @@ ModuleExport void UnregisterPS3Image(void) + % + */ + ++static inline void FilenameToTitle(const char *filename,char *title, ++ const size_t extent) ++{ ++ int ++ depth = 0; ++ ++ ssize_t ++ i, ++ offset = 0; ++ ++ if (extent == 0) ++ return; ++ for (i=0; (filename[i] != '\0') && ((offset+1) < (ssize_t) extent); i++) ++ { ++ unsigned char ++ c = filename[i]; ++ ++ /* ++ Only allow printable ASCII. ++ */ ++ if ((c < 32) || (c > 126)) ++ { ++ title[offset++]='_'; ++ continue; ++ } ++ /* ++ Percent signs break DSC parsing. ++ */ ++ if (c == '%') ++ { ++ title[offset++]='_'; ++ continue; ++ } ++ /* ++ Parentheses must remain balanced. ++ */ ++ if (c == '(') ++ { ++ depth++; ++ title[offset++] = '('; ++ continue; ++ } ++ if (c == ')') ++ { ++ if (depth <= 0) ++ title[offset++]='_'; ++ else ++ { ++ depth--; ++ title[offset++]=')'; ++ } ++ continue; ++ } ++ /* ++ Everything else is allowed. ++ */ ++ title[offset++]=c; ++ } ++ /* ++ If parentheses remain unbalanced, close them. ++ */ ++ while ((depth > 0) && ((offset+1) < (ssize_t) extent)) { ++ title[offset++]=')'; ++ depth--; ++ } ++ title[offset]='\0'; ++ /* ++ Ensure non-empty result. 
++ */ ++ if (offset == 0) ++ { ++ (void) CopyMagickString(title,"Untitled",extent-1); ++ title[extent-1]='\0'; ++ } ++} ++ + static MagickBooleanType Huffman2DEncodeImage(const ImageInfo *image_info, + Image *image,Image *inject_image,ExceptionInfo *exception) + { +@@ -1007,6 +1083,9 @@ static MagickBooleanType WritePS3Image(const ImageInfo *image_info,Image *image, + is_gray=IdentifyImageCoderGray(image,exception); + if (page == 1) + { ++ char ++ title[MagickPathExtent]; ++ + /* + Postscript header on the first page. + */ +@@ -1019,8 +1098,9 @@ static MagickBooleanType WritePS3Image(const ImageInfo *image_info,Image *image, + (void) FormatLocaleString(buffer,MagickPathExtent, + "%%%%Creator: ImageMagick %s\n",MagickLibVersionText); + (void) WriteBlobString(image,buffer); ++ FilenameToTitle(image->filename,title,MagickPathExtent); + (void) FormatLocaleString(buffer,MagickPathExtent,"%%%%Title: %s\n", +- image->filename); ++ title); + (void) WriteBlobString(image,buffer); + timer=GetMagickTime(); + (void) FormatMagickTime(timer,sizeof(date),date); diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb index bb1272d512..2f6c8079cf 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb 
@@ -24,6 +24,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2026-25794.patch \ file://CVE-2026-25795.patch \ file://CVE-2026-25796.patch \ + file://CVE-2026-25797.patch \ " SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e"
From patchwork Fri Mar 6 15:06:02 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 82711
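Review bot: FilenameToTitle is added in CVE-2026-25797.patch as three identical static inline copies, one each in coders/ps.c, coders/ps2.c and coders/ps3.c, so any later change to the sanitising rules has to be made three times or the three writers will drift apart. A single shared helper would avoid that; for this backport, a sentence in the patch header noting that the copies must be kept in sync would be enough. Two smaller points in the function itself: the `if (extent == 0) return;` exit leaves title unwritten, which is safe only because all three callers pass MagickPathExtent, and in ps3.c the title is written as `%%%%Title: %s\n` without surrounding parentheses, so the parenthesis balancing there is not protecting a string delimiter and deserves a comment saying so.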
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][whinlatter][PATCH 11/11] imagemagick: patch CVE-2026-25798 Date: Fri, 6 Mar 2026 16:06:02 +0100 Message-ID: <20260306150602.616834-11-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260306150602.616834-1-skandigraun@gmail.com> References: <20260306150602.616834-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Mar 2026 15:06:20 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124915 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25798 Backport the patch that mentions the related Github advisory[1] in its commit message. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4 Signed-off-by: Gyorgy Sarvari --- .../imagemagick/CVE-2026-25798.patch | 101 ++++++++++++++++++ .../imagemagick/imagemagick_7.1.2-13.bb | 1 + 2 files changed, 102 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25798.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25798.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25798.patch new file mode 100644 index 0000000000..73814f8e12 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25798.patch 
@@ -0,0 +1,101 @@ +From a16b3ba623e773a35af509809f40bfa099d2da0c Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sun, 1 Feb 2026 14:56:14 -0500 +Subject: [PATCH] + https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4 + +CVE: CVE-2026-25798 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/16dd3158ce197c6f65e7798a7a5cc4538bb0303e] +Signed-off-by: Gyorgy Sarvari +--- + MagickCore/cache.c | 37 +++++++++++++++++++++++++++++++++---- + coders/sixel.c | 4 ++-- + 2 files changed, 35 insertions(+), 6 deletions(-) + +diff --git a/MagickCore/cache.c b/MagickCore/cache.c +index 5f44791bd..d0c63cebe 100644 +--- a/MagickCore/cache.c ++++ b/MagickCore/cache.c +@@ -3561,6 +3561,25 @@ static MagickBooleanType MaskPixelCacheNexus(Image *image,NexusInfo *nexus_info, + % + */ + ++static inline MagickBooleanType CacheOverflowSanityCheckGetSize( ++ const MagickSizeType count,const size_t quantum,MagickSizeType *const extent) ++{ ++ MagickSizeType ++ length; ++ ++ if ((count == 0) || (quantum == 0)) ++ return(MagickTrue); ++ length=count*quantum; ++ if (quantum != (length/count)) ++ { ++ errno=ENOMEM; ++ return(MagickTrue); ++ } ++ if (extent != NULL) ++ *extent=length; ++ return(MagickFalse); ++} ++ + static MagickBooleanType OpenPixelCacheOnDisk(CacheInfo *cache_info, + const MapMode mode) + { +@@ -3711,7 +3730,7 @@ static MagickBooleanType OpenPixelCache(Image *image,const MapMode mode, + status; + + MagickSizeType +- length, ++ length = 0, + number_pixels; + + size_t +@@ -3789,12 +3808,22 @@ static MagickBooleanType OpenPixelCache(Image *image,const MapMode mode, + packet_size=MagickMax(cache_info->number_channels,1)*sizeof(Quantum); + if (image->metacontent_extent != 0) + packet_size+=cache_info->metacontent_extent; +- length=number_pixels*packet_size; ++ if (CacheOverflowSanityCheckGetSize(number_pixels,packet_size,&length) != MagickFalse) ++ { ++ cache_info->storage_class=UndefinedClass; ++ cache_info->length=0; ++ 
ThrowBinaryException(ResourceLimitError,"PixelCacheAllocationFailed", ++ image->filename); ++ } + columns=(size_t) (length/cache_info->rows/packet_size); + if ((cache_info->columns != columns) || ((ssize_t) cache_info->columns < 0) || + ((ssize_t) cache_info->rows < 0)) +- ThrowBinaryException(ResourceLimitError,"PixelCacheAllocationFailed", +- image->filename); ++ { ++ cache_info->storage_class=UndefinedClass; ++ cache_info->length=0; ++ ThrowBinaryException(ResourceLimitError,"PixelCacheAllocationFailed", ++ image->filename); ++ } + cache_info->length=length; + if (image->ping != MagickFalse) + { +diff --git a/coders/sixel.c b/coders/sixel.c +index a0ae4b8b7..e9d941300 100644 +--- a/coders/sixel.c ++++ b/coders/sixel.c +@@ -545,7 +545,7 @@ static MagickBooleanType sixel_decode(Image *image,unsigned char *p, + if (max_x < position_x) + max_x = position_x; + if (max_y < (position_y + i)) +- max_y = position_y + i; ++ max_y = (int) (position_y + i); + } + sixel_vertical_mask <<= 1; + } +@@ -578,7 +578,7 @@ static MagickBooleanType sixel_decode(Image *image,unsigned char *p, + if (max_x < (position_x+repeat_count-1)) + max_x = position_x+repeat_count-1; + if (max_y < (position_y+i+n-1)) +- max_y = position_y+i+n-1; ++ max_y = (int) (position_y+i+n-1); + i+=(n-1); + sixel_vertical_mask <<= (n-1); + } diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb index 2f6c8079cf..f4cceac88d 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb @@ -25,6 +25,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2026-25795.patch \ file://CVE-2026-25796.patch \ file://CVE-2026-25797.patch \ + file://CVE-2026-25798.patch \ " SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e"
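Review bot: the new CacheOverflowSanityCheckGetSize() helper in MagickCore/cache.c (hunk at -3561) has an undocumented and easily misread return convention: MagickTrue means "reject", and it is returned both when count*quantum wraps (with errno=ENOMEM) and when count == 0 or quantum == 0 (with errno and *extent left untouched). The caller in OpenPixelCache treats both cases the same and throws PixelCacheAllocationFailed, so an empty pixel count would surface as an allocation failure. A short comment above the helper stating that MagickTrue means overflow or empty input, and that *extent is written only on the MagickFalse path, would make this explicit; it would also explain why the -3711 hunk has to initialise length to 0. The helper uses errno and ENOMEM and the hunk adds no include, so please confirm that cache.c in 7.1.2-13 already pulls in <errno.h>.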
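Review bot: in the OpenPixelCache hunk at -3789 of MagickCore/cache.c, the same three-statement cleanup (storage_class=UndefinedClass, length=0, ThrowBinaryException) is now written out twice, once for the overflow check and once for the retained columns/rows check, and nothing in the hunk says why the cache_info fields have to be reset before throwing. Since this is a backport it should stay byte-identical to upstream, but it is worth stating in the commit message what the reset protects against, so that a later rebase of this patch does not drop one of the two copies. Also note that the unchanged line columns=(size_t) (length/cache_info->rows/packet_size) still divides by cache_info->rows after the new check; the visible context does not show where rows is guaranteed non-zero, so please confirm that guard exists earlier in the function in this version.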
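Review bot: the two coders/sixel.c hunks (at -545 and -578) only add an (int) cast on the assignment to max_y, while the comparison directly above each one, for example "if (max_y < (position_y + i))", is still evaluated on the uncast expression. The need for a cast suggests the sum is wider than int, and in that case the value is narrowed after the comparison has already passed, with no range check visible in either hunk. Please confirm that position_y, i and n are bounded elsewhere in sixel_decode so that the narrowed value cannot differ from the compared one; if these casts are only there to silence a conversion warning, a sentence in the commit message saying so would help anyone auditing this backport for the CVE fix itself, which lives in cache.c.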