From: Divyanshu Rathore <[email protected]>

Backport the fix for CVE-2025-53019
Add below patch to fix CVE-2025-53019 0005-ImageMagick-Fix-CVE-2025-53019.patch Signed-off-by: Divyanshu Rathore <[email protected]> --- .../0005-ImageMagick-Fix-CVE-2025-53019.patch | 33 +++++++++++++++++++ .../imagemagick/imagemagick_7.0.10.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/files/0005-ImageMagick-Fix-CVE-2025-53019.patch diff --git a/meta-oe/recipes-support/imagemagick/files/0005-ImageMagick-Fix-CVE-2025-53019.patch b/meta-oe/recipes-support/imagemagick/files/0005-ImageMagick-Fix-CVE-2025-53019.patch new file mode 100644 index 0000000000..fd2a604916 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0005-ImageMagick-Fix-CVE-2025-53019.patch 
@@ -0,0 +1,33 @@ +From 5e3a3f3656b04d964330efb33827ecab5589ec26 Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore <[email protected]> +Date: Mon, 29 Sep 2025 15:38:57 +0530 +Subject: [PATCH 5/6] ImageMagick: Fix CVE-2025-53019 + +Fixed memory leak when entering StreamImage multiple times. +CVE: CVE-2025-53019 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c.patch] + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore <[email protected]> +--- + MagickCore/stream.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/MagickCore/stream.c b/MagickCore/stream.c +index 28fa0f25b..bfa29f25e 100644 +--- a/MagickCore/stream.c ++++ b/MagickCore/stream.c +@@ -1350,7 +1350,8 @@ MagickExport Image *StreamImage(const ImageInfo *image_info, + assert(exception != (ExceptionInfo *) NULL); + read_info=CloneImageInfo(image_info); + stream_info->image_info=image_info; +- stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL); ++ if (stream_info->quantum_info == (QuantumInfo *) NULL) ++ stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL); + if (stream_info->quantum_info == (QuantumInfo *) NULL) + { + read_info=DestroyImageInfo(read_info); +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index 224f55d03b..829ab2e525 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb @@ -27,6 +27,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://0002-ImageMagick-Fix-CVE-2025-53101.patch \ file://0003-ImageMagick-Fix-CVE-2025-55160.patch \ file://0004-ImageMagick-Fix-CVE-2025-55005.patch \ + file://0005-ImageMagick-Fix-CVE-2025-53019.patch \ " SRCREV = "35b4991eb0939a327f3489988c366e21068b0178" -- 2.34.1
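Review bot: In the MagickCore/stream.c hunk, the new guard "if (stream_info->quantum_info == (QuantumInfo *) NULL)" is only safe if quantum_info is set to NULL when stream_info is first acquired and again wherever it is destroyed, and none of that is visible in this context. Because the header says "Refreshed hunk to match latest kirkstone", please confirm both hold in the 7.0.10 tree and say so in the patch header; otherwise the first call can skip the allocation on an uninitialised pointer, or a later call can reuse a freed one. Also note that on re-entry "stream_info->image_info=image_info" is updated while the existing quantum_info, built from an earlier image_info, is kept, so it is worth stating that reusing it across calls is intended. Minor style point: the two consecutive checks on the same condition read more clearly if the acquire and its failure handling are nested under a single test, although keeping the upstream shape is reasonable for a backport.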
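Review bot: In the imagemagick_7.0.10.bb hunk, the new SRC_URI entry 0005-ImageMagick-Fix-CVE-2025-53019.patch is added as the last patch, but the embedded header reads "Subject: [PATCH 5/6]", which implies a sixth patch in the same series that this change does not add. Please state in the commit message whether that sixth patch is sent separately and whether it depends on this one, so the apply order in SRC_URI can be checked against the series order.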
