Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55212
Backport the patch that is mentioned in the NVD advisory. Notes about the backport: The original patch deletes two extra lines compared to the backport: those lines were a previous attempt[1] to solve the same vulnerability, and the final patch reverted them. Since that patch wasn't part of the recipe, those deletions were dropped from the backported patch. The PerceptibleReciprocal function was renamed[2] to MagickSafeReciprocal after the recipe's revision, but there were no functional changes in the function's behavior. [1]: https://github.com/ImageMagick/ImageMagick/commit/43d92bf855155e8e716ecbb50ed94c2ed41ff9f6 [2]: https://github.com/ImageMagick/ImageMagick/commit/7e5d87fe6e9 Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../imagemagick/CVE-2025-55212.patch | 29 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 30 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55212.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55212.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55212.patch new file mode 100644 index 0000000000..40a1b6fc4d --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55212.patch 
@@ -0,0 +1,29 @@ +From 3cc6cf85fbe2d147c7b3d48e53f4e9f081448ae8 Mon Sep 17 00:00:00 2001 +From: Cristy <[email protected]> +Date: Sun, 17 Aug 2025 14:33:44 -0400 +Subject: [PATCH] + https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw + +CVE: CVE-2025-55212 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/5f0bcf986b8b5e90567750d31a37af502b73f2af] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + MagickCore/resize.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/MagickCore/resize.c b/MagickCore/resize.c +index ea6e535f4..298662f8a 100644 +--- a/MagickCore/resize.c ++++ b/MagickCore/resize.c +@@ -4624,8 +4624,9 @@ MagickExport Image *ThumbnailImage(const Image *image,const size_t columns, + x_factor, + y_factor; + +- x_factor=(ssize_t) image->columns/(ssize_t) columns; +- y_factor=(ssize_t) image->rows/(ssize_t) rows; ++ x_factor=(ssize_t) (image->columns*PerceptibleReciprocal((double) ++ columns)); ++ y_factor=(ssize_t) (image->rows*PerceptibleReciprocal((double) rows)); + if ((x_factor > 4) && (y_factor > 4)) + { + thumbnail_image=SampleImage(clone_image,4*columns,4*rows,exception); diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index 5e9561291c..b299f0d2b6 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb @@ -20,6 +20,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2025-55005.patch \ file://CVE-2025-55154.patch \ file://CVE-2025-55160.patch \ + file://CVE-2025-55212.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
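Review bot: the header of the embedded CVE-2025-55212.patch carries only "Upstream-Status: Backport [...]" and does not say that the patch differs from the referenced upstream commit. The two adaptations explained in the commit message (the dropped deletions that reverted the earlier fix attempt, and PerceptibleReciprocal used in place of the later name MagickSafeReciprocal) should be repeated in the patch file's own header, because that file is what stays beside the recipe after the commit message is out of view. Separately, in the resize.c hunk the double product is cast directly to ssize_t in both the x_factor and y_factor assignments; please confirm that the value PerceptibleReciprocal returns for columns or rows of 0 keeps that cast in range on the 32-bit targets this recipe builds for.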
