From patchwork Thu Apr 16 05:39:48 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bhabu Bindu X-Patchwork-Id: 86177 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0F2A1F433E6 for ; Thu, 16 Apr 2026 05:41:39 +0000 (UTC) Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.6924.1776318095223443357 for ; Wed, 15 Apr 2026 22:41:35 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=U9MFxRsJ; spf=pass (domain: gmail.com, ip: 209.85.214.169, mailfrom: bindudaniel1996@gmail.com) Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-2b24fcc2b5dso51296455ad.1 for ; Wed, 15 Apr 2026 22:41:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776318094; x=1776922894; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=zRQJ2Oe8laAluGJOI5HkJm01v6pQVzwO4wb2IycWSGo=; b=U9MFxRsJ4aFFhixaWMEjbK/JS3SZ/gyG3g/p4NKpcZ/E4e2NSqqiWqaqozG6S/Algm 3pPBHs1ki7wqs55PXEwjsfegfM+DGvd5d29V/oN9o0pQYWhQVCBcNpb9dAS6aLgTwBkK +FHq/b+2jaAUZfydnpM4oMadXyTXCupp01IVTm5XX7EQ+CnmP9XEsPUhgyAgNqqOVwYC SJRTZ9w2z9sSBD9e8VtoMGo3CKtjv2mT4pShrjJFk7ifAFlgLrAta0yR857aEgktihWe a8aNFGxHX7l4vLl2WJeBlcbMZVUAtDa9uBTaO5vcD3YlIAzRzDZLFfhZZqbB2yOjAwP2 YyAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776318094; x=1776922894; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=zRQJ2Oe8laAluGJOI5HkJm01v6pQVzwO4wb2IycWSGo=; b=g9q+agkqsQ87UmOfJ58/Jp9ODEIKKpV6JXEeEf8yT0Inwc3i/WgvCv1TEZCylfSoVb 1HuoJD96ICxVnVRfzYljWZ87UBEGJw6+Htg29rQD/sdaW2QwzxyTKH/l16BXo/+pqBSs ARl0kz55wYcsGbkN06Vv550BnZJuyB5lCKrWa1+F6+c2KoGFec9zltKJWl1oJ5KQS4In FZr5P3fU/GpQFXshFq7VXL+p+bS/q2718ofcFdqQ3vMQGD4CIvVOxYV6oaN3/hDlZ+J2 OG5ZkFczmsDWqVzOur1blShVf9ovByIkCxnoNc15uTAdoW50Ng5ojurlhYduq1zDyC13 3OmA== X-Gm-Message-State: AOJu0YyhoD8jbAkvlAGt11+Q7ZZKmx9gsiyAe1kR/LGNnN8m4HjVNMmT gn3SEHp05p1gUnG7RKQOYbMyNWAjMV5QM/11WHRmfp1jSNXZ6duvCIX8hDmAbA== X-Gm-Gg: AeBDiesxjr98r8G/nrpGiEVvi1OybaW6Q20qZwL2SuEkj0n4UHPN1JfExbCIUjQ/scZ ZOnUPgeUe7BVfyUdLb87o3xY5powILJ+L7CJw5eHScJHJ9vpVId4WZ3VQxSwbpVjvOtt3h6hU4T ei+My+hjPO4zs0zgMauV5zpApgD7asfL3AS3lMCuk4M8Ruapq9//WCPaWJuSiUt7srQK6al+URg 2maOIrprOqUPYbsOxPw8DGSonRHg4Szg6ysuCoXWiggIFtg1CUUO7FNu5n/EIuS+P91Dp9rA+v8 4/gJwAqA48k/rm6Zc3Pv0v9wMlHhktvSz9Xq0/NitsduNvgmNwqBvcdUN1Xk68tyq8NDxNUiRSk WS4HazDS5lU45+OnPi7MM6Ml90SZRKQ4fC2KbsF+hdTtcjem32JPwSx/ZfK6xu5frihRM0t6ryq 7/ZSc6wmBm84WqHhJttCLuYFr0iQDX X-Received: by 2002:a17:902:cf50:b0:2b0:5d60:7f3f with SMTP id d9443c01a7336-2b2d59a00c2mr169225015ad.16.1776318094254; Wed, 15 Apr 2026 22:41:34 -0700 (PDT) Received: from L-12443L.kpit.com ([106.51.47.37]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b4782b1174sm50361225ad.70.2026.04.15.22.41.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 15 Apr 2026 22:41:33 -0700 (PDT) From: Bhabu Bindu X-Google-Original-From: Bhabu Bindu To: openembedded-devel@lists.openembedded.org, bhabu.bindu@kpit.com Subject: [meta-oe][scarthgap][PATCH 1/2] imagemagick: Fix CVE-2026-28493 Date: Thu, 16 Apr 2026 11:09:48 +0530 Message-Id: <20260416053949.365300-1-bhabu.bindu@kpit.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 16 Apr 2026 05:41:39 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126378 From: Bindu Bhabu Backport imagemagick commits [1][2][3] from version 7.1.2-16 which fixes the vulnerability according to Debian [4]. Patch hunks were refreshed as per codebase of imagemagick_7.1.1. [1] https://github.com/ImageMagick/ImageMagick/commit/6cefe972445185cbb9c76651231d52512e0ec14b [2] https://github.com/ImageMagick/ImageMagick/commit/47a803cc139a6eebf14fca5f1d5dd25c7782cc98 [3] https://github.com/ImageMagick/ImageMagick/commit/cd7acd2c4bea5c953fae062d9ce43d11374dcb60 [4] https://security-tracker.debian.org/tracker/CVE-2026-28493 Signed-off-by: Bhabu Bindu --- .../imagemagick/CVE-2026-28493-1.patch | 26 ++++++++++++++ .../imagemagick/CVE-2026-28493-2.patch | 34 +++++++++++++++++++ .../imagemagick/CVE-2026-28493-3.patch | 25 ++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 3 ++ 4 files changed, 88 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-28493-1.patch create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-28493-2.patch create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-28493-3.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-28493-1.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-28493-1.patch new file mode 100644 index 0000000000..f2f1c2fa44 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-28493-1.patch @@ -0,0 +1,26 @@ +From 6cefe972445185cbb9c76651231d52512e0ec14b Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Sat, 28 Feb 2026 11:01:24 +0100 +Subject: [PATCH] Corrected typecast to avoid an out of bounds write + (GHSA-r39q-jr8h-gcq2) + +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/6cefe972445185cbb9c76651231d52512e0ec14b] +CVE: CVE-2026-28493 +Signed-off-by: Bhabu Bindu +--- + coders/sixel.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/coders/sixel.c b/coders/sixel.c +index 5de968e3581..a9ccd8a677a 100644 +--- a/coders/sixel.c ++++ b/coders/sixel.c +@@ -573,7 +573,7 @@ static MagickBooleanType sixel_decode(Im + return(MagickFalse); + } + for (x = 0; x < repeat_count; x++) +- imbuf[(int) offset+x] = color_index; ++ imbuf[(size_t) offset+x]=(sixel_pixel_t) color_index; + } + if (max_x < (position_x+repeat_count-1)) + max_x = position_x+repeat_count-1; diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-28493-2.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-28493-2.patch new file mode 100644 index 0000000000..872fc6f436 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-28493-2.patch @@ -0,0 +1,34 @@ +From 47a803cc139a6eebf14fca5f1d5dd25c7782cc98 Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Sat, 28 Feb 2026 11:03:09 +0100 +Subject: [PATCH] Added checks for overflows. + +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/47a803cc139a6eebf14fca5f1d5dd25c7782cc98] +CVE: CVE-2026-28493 +Signed-off-by: Bhabu Bindu +--- + coders/sixel.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/coders/sixel.c b/coders/sixel.c +index a9ccd8a677a..d3a77aff219 100644 +--- a/coders/sixel.c ++++ b/coders/sixel.c +@@ -536,7 +536,7 @@ static MagickBooleanType sixel_decode(Im + { + offset=(size_t) (imsx*((ssize_t) position_y+i)+ + (ssize_t) position_x); +- if (offset >= (size_t) (imsx*imsy)) ++ if ((offset < 0) || (offset >= (imsx*imsy))) + { + imbuf=(sixel_pixel_t *) RelinquishMagickMemory(imbuf); + return(MagickFalse); +@@ -567,7 +567,7 @@ static MagickBooleanType sixel_decode(Im + for (y = position_y + i; y < position_y + i + n; ++y) + { + offset=(size_t) ((ssize_t) imsx*y+(ssize_t) position_x); +- if ((offset+(size_t) repeat_count) >= (size_t) (imsx*imsy)) ++ if ((offset < 0) || ((offset+repeat_count) >= (imsx*imsy))) + { + imbuf=(sixel_pixel_t *) RelinquishMagickMemory(imbuf); + return(MagickFalse); diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-28493-3.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-28493-3.patch new file mode 100644 index 0000000000..4e756c2d1f --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-28493-3.patch @@ -0,0 +1,25 @@ +From cd7acd2c4bea5c953fae062d9ce43d11374dcb60 Mon Sep 17 00:00:00 2001 +From: Jake Lodwick +Date: Sun, 1 Mar 2026 04:46:29 -0700 +Subject: [PATCH] Add overflow check to sixel write path (#8587) + +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/cd7acd2c4bea5c953fae062d9ce43d11374dcb60] +CVE: CVE-2026-28493 +Signed-off-by: Bhabu Bindu +--- + coders/sixel.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/coders/sixel.c b/coders/sixel.c +index d3a77aff219..b242959385d 100644 +--- a/coders/sixel.c ++++ b/coders/sixel.c +@@ -815,6 +815,8 @@ static MagickBooleanType sixel_encode_impl(sixel_pixel_t *pixels,size_t width, + context->pos = 0; + if (ncolors < 1) + return(MagickFalse); ++ if (HeapOverflowSanityCheck(ncolors,width) != MagickFalse) ++ return(MagickFalse); + len=ncolors*width; + context->active_palette=(-1); + map=(sixel_pixel_t *) AcquireQuantumMemory(len,sizeof(sixel_pixel_t)); diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index ffc26e7169..09a56a1723 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb @@ -29,6 +29,9 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2025-68618.patch \ file://CVE-2025-68950.patch \ file://CVE-2025-69204.patch \ + file://CVE-2026-28493-1.patch \ + file://CVE-2026-28493-2.patch \ + file://CVE-2026-28493-3.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb" From patchwork Thu Apr 16 05:39:49 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bhabu Bindu X-Patchwork-Id: 86178 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E4CCBF433E8 for ; Thu, 16 Apr 2026 05:41:48 +0000 (UTC) Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.6925.1776318100199808579 for ; Wed, 15 Apr 2026 22:41:40 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=rcPDUGOa; spf=pass (domain: gmail.com, ip: 209.85.214.174, mailfrom: bindudaniel1996@gmail.com) Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-2a8fba3f769so34629995ad.2 for ; Wed, 15 Apr 2026 22:41:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776318099; x=1776922899; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=jOHhn+p/dqcpJ6jcVKd3EVtgmI070FY1v3J2/oWIEhM=; b=rcPDUGOa3tv6o6YfFZ71zUtr4Ie/W3SpeVBEB9NKxAv9KbeHIdYRjVRKhxE4dvqhXD 87l2GTdN/7YqcgkjKSzk0t5/SPt+rLBrY+vHoSVEjeihejR9AgG6AQzLk9QvtnIyH5GB xw6J2pzNZewTcrFo3dATvASrVbnG5C8TS0n3e3GHOoSb9VFNE7x7jv/dYyxB067hgGem x231I9m5KHMgbxM9Jj8Kw4kl2WFjbJBF4NSfKchQPyztlia8Rc1p75vItDXZA1H2gnjs yus9LZ6BrSlRHLwP36JOQ9NQjK3RrMiEltTS2UFxxFr/PqB1d3GQ0qBfqqVLQI1NdxEC Hv1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776318099; x=1776922899; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=jOHhn+p/dqcpJ6jcVKd3EVtgmI070FY1v3J2/oWIEhM=; b=XQXPFmP8qnBsXcHrjXNy5+m7BH2kywGY4e7jYYLsbi3e6NR3SctsyWok4fX6s18xyy TvTlSkY9/Qx3izw6bwKEPZQ5GsroySOr+2C0aLojEmS4whMhWfw5Dln4eq3VrYx2LXMP U8ji8UjyZ0lljlz2SEa0HkmRTSzYzD9oNYcM1aUAGjh/m6Qu8umxBKqrt0PA3MGLsIKz EDW1/OhajvFjh6NcsHlc3jsE3/28ucEOERix7J6Hf8ULyjbnTbJQB9ZN3H9hcy6foOET nCjplUgKtXKxeTzVm4aHsosbtqTqAfpQIcMnJDlCfoDMNgzI6BUXp4qOKPb+zTOqsmec nSjw== X-Gm-Message-State: AOJu0Yx8xNXaZCbj8p2gKesclydVmrYHx4eNIC0ZMFzUnRYoTVYgAtKx BdMtv5+7paXEXTAdIll349kuzwsWkTmQbQk5bzbU+FemrsNZ8nGLNOV60mNpdg== X-Gm-Gg: AeBDievCiqzqmJCJJSbSFLidzJl62D0IQCKy6DqmA3vknU1kqa/yovKHZdzZQLDhBJy 31O3EPeAGOvVAiBY0mc9qSS2d9UgwSgLUP0rWV2yY4lknBHRJXgto29siYji4bnb8PqOaeI08fq D9BgzVkcGx1bQZXDbp/GwF56OCCv1KiSgjf5MWDD63m9YFbwYElePfvNNUoJb6UDAZPimNigtr2 AaxpQ6Z6H22o6S/zXabKSyWcOJEAlPV65W2hdlrpbC/ANj+kI5S9B4Rchqc7nGaqlDHtDCG2ozW LB0X1Mz0IezDvXwqJhvMOENUGSagKjBpz4egiVEIDnsF9dPA1eLUB+TxUvNurs03JwYR6jcZsvo ry0gyGiCWgIa8VVOKcyBjElYXy2VgThIeWC2/SjTMDIAEp1tCCpcCswwcArVn00L61bJjcv4fCI 0oS8OMXeTJNB9dV1nNxwEIcIQCG0J2 X-Received: by 2002:a17:902:cf12:b0:2b0:6df2:8cd2 with SMTP id d9443c01a7336-2b2d59b92a5mr248390795ad.19.1776318099287; Wed, 15 Apr 2026 22:41:39 -0700 (PDT) Received: from L-12443L.kpit.com ([106.51.47.37]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b4782b1174sm50361225ad.70.2026.04.15.22.41.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 15 Apr 2026 22:41:38 -0700 (PDT) From: Bhabu Bindu X-Google-Original-From: Bhabu Bindu To: openembedded-devel@lists.openembedded.org, bhabu.bindu@kpit.com Subject: [meta-oe][scarthgap][PATCH 2/2] imagemagick: Fix CVE-2026-28494 Date: Thu, 16 Apr 2026 11:09:49 +0530 Message-Id: <20260416053949.365300-2-bhabu.bindu@kpit.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260416053949.365300-1-bhabu.bindu@kpit.com> References: <20260416053949.365300-1-bhabu.bindu@kpit.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 16 Apr 2026 05:41:48 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126379 From: Bindu Bhabu Backport imagemagick commits [1] from version 7.1.2-16 which fixes the vulnerability according to Debian [2]. [1] https://github.com/ImageMagick/ImageMagick/commit/a3f2f8680fa01cbce731191789322419efb5954a [2] https://security-tracker.debian.org/tracker/CVE-2026-28494 Signed-off-by: Bhabu Bindu --- .../imagemagick/CVE-2026-28494.patch | 61 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 62 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-28494.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-28494.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-28494.patch new file mode 100644 index 0000000000..1f65d0131f --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-28494.patch @@ -0,0 +1,61 @@ +From a3f2f8680fa01cbce731191789322419efb5954a Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Sat, 28 Feb 2026 11:31:15 +0100 +Subject: [PATCH] Added checks to avoid possible stack corruption + (GHSA-932h-jw47-73jm) + +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/a3f2f8680fa01cbce731191789322419efb5954a] +CVE: CVE-2026-28494 +Signed-off-by: Bhabu Bindu +--- + MagickCore/morphology.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +diff --git a/MagickCore/morphology.c b/MagickCore/morphology.c +index 81bd2265438..727ac100180 100644 +--- a/MagickCore/morphology.c ++++ b/MagickCore/morphology.c +@@ -234,6 +234,9 @@ static KernelInfo *ParseKernelArray(const char *kernel_string) + GeometryInfo + args; + ++ size_t ++ length; ++ + kernel=(KernelInfo *) AcquireMagickMemory(sizeof(*kernel)); + if (kernel == (KernelInfo *) NULL) + return(kernel); +@@ -261,8 +264,9 @@ static KernelInfo *ParseKernelArray(const char *kernel_string) + if ( p != (char *) NULL && p < end) + { + /* ParseGeometry() needs the geometry separated! -- Arrgghh */ +- (void) memcpy(token, kernel_string, (size_t) (p-kernel_string)); +- token[p-kernel_string] = '\0'; ++ length=MagickMin((size_t) (p-kernel_string),sizeof(token)-1); ++ (void) memcpy(token, kernel_string, length); ++ token[length] = '\0'; + SetGeometryInfo(&args); + flags = ParseGeometry(token, &args); + +@@ -388,6 +392,9 @@ static KernelInfo *ParseKernelName(const char *kernel_string, + MagickStatusType + flags; + ++ size_t ++ length; ++ + ssize_t + type; + +@@ -406,8 +413,9 @@ static KernelInfo *ParseKernelName(const char *kernel_string, + end = strchr(p, '\0'); + + /* ParseGeometry() needs the geometry separated! -- Arrgghh */ +- (void) memcpy(token, p, (size_t) (end-p)); +- token[end-p] = '\0'; ++ length=MagickMin((size_t) (end-p),sizeof(token)-1); ++ (void) memcpy(token, p, length); ++ token[length] = '\0'; + SetGeometryInfo(&args); + flags = ParseGeometry(token, &args); + diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index 09a56a1723..d85cdb27f3 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb @@ -32,6 +32,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2026-28493-1.patch \ file://CVE-2026-28493-2.patch \ file://CVE-2026-28493-3.patch \ + file://CVE-2026-28494.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"