Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55004
Pick the patch that mentions the related github advisory[1] explicitly in its commit message. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../imagemagick/CVE-2025-55004.patch | 65 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 66 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55004.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55004.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55004.patch new file mode 100644 index 0000000000..44ef34c40b --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55004.patch @@ -0,0 +1,65 @@ +From e3b2eba8a84e7c4222bcf1a843c1677b7406db3f Mon Sep 17 00:00:00 2001 +From: Cristy <[email protected]> +Date: Thu, 7 Aug 2025 19:14:00 -0400 +Subject: [PATCH] + https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw + +CVE: CVE-2025-55004 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/55d97055e00a7bc7ae2776c99824002fbb4a72aa] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + coders/png.c | 33 ++++++++++----------------------- + 1 file changed, 10 insertions(+), 23 deletions(-) + +diff --git a/coders/png.c b/coders/png.c +index 23a96e4d0..c6fae6283 100644 +--- a/coders/png.c ++++ b/coders/png.c +@@ -4785,37 +4785,24 @@ static Image *ReadOneJNGImage(MngReadInfo *mng_info, + jng_image=ReadImage(alpha_image_info,exception); + + if (jng_image != (Image *) NULL) +- for (y=0; y < (ssize_t) image->rows; y++) + { +- s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception); +- q=GetAuthenticPixels(image,0,y,image->columns,1,exception); +- if ((s == (const Quantum *) NULL) || (q == (Quantum *) NULL)) +- break; ++ image->alpha_trait=BlendPixelTrait; ++ for (y=0; y < (ssize_t) image->rows; y++) ++ { ++ s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception); ++ q=GetAuthenticPixels(image,0,y,image->columns,1,exception); ++ if ((s == (const Quantum *) NULL) || (q == (Quantum *) NULL)) ++ break; + +- if (image->alpha_trait != UndefinedPixelTrait) + for (x=(ssize_t) image->columns; x != 0; x--) + { + SetPixelAlpha(image,GetPixelRed(jng_image,s),q); + q+=(ptrdiff_t) GetPixelChannels(image); + s+=(ptrdiff_t) GetPixelChannels(jng_image); + } +- +- else +- for (x=(ssize_t) image->columns; x != 0; x--) +- { +- Quantum +- alpha; +- +- alpha=GetPixelRed(jng_image,s); +- SetPixelAlpha(image,alpha,q); +- if (alpha != OpaqueAlpha) +- image->alpha_trait=BlendPixelTrait; +- q+=(ptrdiff_t) GetPixelChannels(image); +- s+=(ptrdiff_t) GetPixelChannels(jng_image); +- } +- +- if (SyncAuthenticPixels(image,exception) == MagickFalse) +- break; ++ if (SyncAuthenticPixels(image,exception) == MagickFalse) ++ break; ++ } + } + (void) RelinquishUniqueFileResource(alpha_image->filename); + alpha_image=DestroyImageList(alpha_image); diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index e486d072be..caaf813f6e 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb @@ -16,6 +16,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2025-53015.patch \ file://CVE-2025-53019.patch \ file://CVE-2025-53101.patch \ + file://CVE-2025-55004.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123261): https://lists.openembedded.org/g/openembedded-devel/message/123261 Mute This Topic: https://lists.openembedded.org/mt/117150405/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
