Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53014
Pick the commit that is mentioned as a solution at the bottom of the relevant Github advisory[1]. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../imagemagick/CVE-2025-53014.patch | 25 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 4 ++- 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53014.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53014.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53014.patch new file mode 100644 index 0000000000..b20d78e1bb --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53014.patch @@ -0,0 +1,25 @@ +From ebf0f36974e2c9b47d9bb5bf31d19a19c0ce4e8e Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra <[email protected]> +Date: Thu, 26 Jun 2025 23:01:07 +0200 +Subject: [PATCH] Correct out of bounds read of a single byte. + +CVE: CVE-2025-53014 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + MagickCore/image.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/MagickCore/image.c b/MagickCore/image.c +index 261d75003..1b242f828 100644 +--- a/MagickCore/image.c ++++ b/MagickCore/image.c +@@ -1678,7 +1678,7 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + q=(char *) p+1; + if (*q == '%') + { +- p=q+1; ++ p++; + continue; + } + field_width=0; diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index f947b8e9c6..cc77468731 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb @@ -11,7 +11,9 @@ DEPENDS = "lcms bzip2 jpeg libpng tiff zlib fftw freetype libtool" BASE_PV := "${PV}" PV .= "-47" -SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https" +SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https \ + file://CVE-2025-53014.patch \ + " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb" S = "${WORKDIR}/git"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123257): https://lists.openembedded.org/g/openembedded-devel/message/123257 Mute This Topic: https://lists.openembedded.org/mt/117150401/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
