Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53015
Backport the patches marked as a solution at the bottom of the relevant github advisory[1]. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../imagemagick/CVE-2025-53015.patch | 51 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 52 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53015.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53015.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53015.patch new file mode 100644 index 0000000000..26ab56ebab --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53015.patch @@ -0,0 +1,51 @@ +From dee67b151cf3f25bde758d1fac9a42626715b3e5 Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra <[email protected]> +Date: Fri, 2 May 2025 18:33:17 +0200 +Subject: [PATCH] Added extra checks to make sure we don't get stuck in the + while loop. + +Added missing return. + +CVE: CVE-2025-53015 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/229fa96a988a21d78318bbca61245a6ed1ee33a0 and https://github.com/ImageMagick/ImageMagick/commit/38631605e6ab744548a561797472cf8648bcfe26] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + MagickCore/image-private.h | 1 + + MagickCore/profile.c | 12 ++++++++++++ + 2 files changed, 13 insertions(+) + +diff --git a/MagickCore/image-private.h b/MagickCore/image-private.h +index 4ce71c32c..11dca1072 100644 +--- a/MagickCore/image-private.h ++++ b/MagickCore/image-private.h +@@ -52,6 +52,7 @@ extern "C" { + #define MAGICK_SIZE_MAX (SIZE_MAX) + #define MAGICK_SSIZE_MAX (SSIZE_MAX) + #define MAGICK_SSIZE_MIN (-SSIZE_MAX-1) ++#define MAGICK_ULONG_MAX (ULONG_MAX) + #define MatteColor "#bdbdbd" /* gray */ + #define MatteColorRGBA ScaleShortToQuantum(0xbdbd),\ + ScaleShortToQuantum(0xbdbd),ScaleShortToQuantum(0xbdbd),OpaqueAlpha +diff --git a/MagickCore/profile.c b/MagickCore/profile.c +index 7eea1d32f..a68e54f14 100644 +--- a/MagickCore/profile.c ++++ b/MagickCore/profile.c +@@ -2571,6 +2571,18 @@ static void GetXmpNumeratorAndDenominator(double value, + *denominator=1; + if (value <= MagickEpsilon) + return; ++ if (value > (double) MAGICK_ULONG_MAX) ++ { ++ *numerator = MAGICK_ULONG_MAX; ++ *denominator = 1; ++ return; ++ } ++ if (floor(value) == value) ++ { ++ *numerator = (unsigned long) value; ++ *denominator = 1; ++ return; ++ } + *numerator=1; + df=1.0; + while(fabs(df - value) > MagickEpsilon) diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index cc77468731..47ab5ead4c 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb @@ -13,6 +13,7 @@ BASE_PV := "${PV}" PV .= "-47" SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https \ file://CVE-2025-53014.patch \ + file://CVE-2025-53015.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123258): https://lists.openembedded.org/g/openembedded-devel/message/123258 Mute This Topic: https://lists.openembedded.org/mt/117150402/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
