Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53019
Pick the commit that is marked as a fix at the bottom of the relevant github advisory[1]. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../imagemagick/CVE-2025-53019.patch | 26 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 27 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53019.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53019.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53019.patch new file mode 100644 index 0000000000..63702955cb --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53019.patch @@ -0,0 +1,26 @@ +From 4e32e83e3f57d110b56641f12cc5ed7d007dce29 Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra <[email protected]> +Date: Fri, 27 Jun 2025 14:51:57 +0200 +Subject: [PATCH] Fixed memory leak when entering StreamImage multiple times. + +CVE: CVE-2025-53019 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + MagickCore/stream.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/MagickCore/stream.c b/MagickCore/stream.c +index 786dabb52..22a0c9eee 100644 +--- a/MagickCore/stream.c ++++ b/MagickCore/stream.c +@@ -1321,7 +1321,8 @@ MagickExport Image *StreamImage(const ImageInfo *image_info, + image_info->filename); + read_info=CloneImageInfo(image_info); + stream_info->image_info=image_info; +- stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL); ++ if (stream_info->quantum_info == (QuantumInfo *) NULL) ++ stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL); + if (stream_info->quantum_info == (QuantumInfo *) NULL) + { + read_info=DestroyImageInfo(read_info); diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index 47ab5ead4c..cb4735e394 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb @@ -14,6 +14,7 @@ PV .= "-47" SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https \ file://CVE-2025-53014.patch \ file://CVE-2025-53015.patch \ + file://CVE-2025-53019.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123259): https://lists.openembedded.org/g/openembedded-devel/message/123259 Mute This Topic: https://lists.openembedded.org/mt/117150403/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
