Backport the fix for CVE-2025-53014 Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03]
Add below patch to fix CVE-2025-53014 0001-ImageMagick-Fix-CVE-2025-53014.patch Signed-off-by: Divyanshu Rathore <[email protected]> --- .../0001-ImageMagick-Fix-CVE-2025-53014.patch | 32 +++++++++++++++++++ .../imagemagick/imagemagick_7.0.10.bb | 1 + 2 files changed, 33 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/files/0001-ImageMagick-Fix-CVE-2025-53014.patch diff --git a/meta-oe/recipes-support/imagemagick/files/0001-ImageMagick-Fix-CVE-2025-53014.patch b/meta-oe/recipes-support/imagemagick/files/0001-ImageMagick-Fix-CVE-2025-53014.patch new file mode 100644 index 0000000000..3230519cd1 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0001-ImageMagick-Fix-CVE-2025-53014.patch @@ -0,0 +1,32 @@ +From a16d86759bd9171fca247c4e764ffeeeb7232d9b Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore <[email protected]> +Date: Mon, 29 Sep 2025 13:56:59 +0530 +Subject: [PATCH 01/18] ImageMagick: Fix CVE-2025-53014 + +Correct out of bounds read of a single byte. +CVE: CVE-2025-53014 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03.patch] + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore <[email protected]> +--- + MagickCore/image.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/MagickCore/image.c b/MagickCore/image.c +index 34804e522..fe2a1cb5f 100644 +--- a/MagickCore/image.c ++++ b/MagickCore/image.c +@@ -1661,7 +1661,7 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, + q=(char *) p+1; + if (*q == '%') + { +- p=q+1; ++ p++; + continue; + } + field_width=0; +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index fcbbd6fca2..bdd6dbe955 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb @@ -24,6 +24,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2023-34474.patch \ file://CVE-2023-5341.patch \ file://CVE-2022-28463.patch \ + file://0001-ImageMagick-Fix-CVE-2025-53014.patch \ " SRCREV = "35b4991eb0939a327f3489988c366e21068b0178" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#122618): https://lists.openembedded.org/g/openembedded-devel/message/122618 Mute This Topic: https://lists.openembedded.org/mt/116753526/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
