Backport the fix for CVE-2025-53019 Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c]
Add below patch to fix CVE-2025-53019 0005-ImageMagick-Fix-CVE-2025-53019.patch Signed-off-by: Divyanshu Rathore <[email protected]> --- .../0005-ImageMagick-Fix-CVE-2025-53019.patch | 33 +++++++++++++++++++ .../imagemagick/imagemagick_7.0.10.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/files/0005-ImageMagick-Fix-CVE-2025-53019.patch diff --git a/meta-oe/recipes-support/imagemagick/files/0005-ImageMagick-Fix-CVE-2025-53019.patch b/meta-oe/recipes-support/imagemagick/files/0005-ImageMagick-Fix-CVE-2025-53019.patch new file mode 100644 index 0000000000..c5bc15386a --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/0005-ImageMagick-Fix-CVE-2025-53019.patch @@ -0,0 +1,33 @@ +From c0367e544456895e77661481b76a55ac30d52420 Mon Sep 17 00:00:00 2001 +From: Divyanshu Rathore <[email protected]> +Date: Mon, 29 Sep 2025 15:38:57 +0530 +Subject: [PATCH 05/18] ImageMagick: Fix CVE-2025-53019 + +Fixed memory leak when entering StreamImage multiple times. +CVE: CVE-2025-53019 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c.patch] + +Comment: Refreshed hunk to match latest kirkstone + +Signed-off-by: Divyanshu Rathore <[email protected]> +--- + MagickCore/stream.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/MagickCore/stream.c b/MagickCore/stream.c +index 28fa0f25b..bfa29f25e 100644 +--- a/MagickCore/stream.c ++++ b/MagickCore/stream.c +@@ -1350,7 +1350,8 @@ MagickExport Image *StreamImage(const ImageInfo *image_info, + assert(exception != (ExceptionInfo *) NULL); + read_info=CloneImageInfo(image_info); + stream_info->image_info=image_info; +- stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL); ++ if (stream_info->quantum_info == (QuantumInfo *) NULL) ++ stream_info->quantum_info=AcquireQuantumInfo(image_info,(Image *) NULL); + if (stream_info->quantum_info == (QuantumInfo *) NULL) + { + read_info=DestroyImageInfo(read_info); +-- +2.34.1 + diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index 0256aa9164..c40aef1b46 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb @@ -28,6 +28,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://0002-ImageMagick-Fix-CVE-2025-53101.patch \ file://0003-ImageMagick-Fix-CVE-2025-55160.patch \ file://0004-ImageMagick-Fix-CVE-2025-55005.patch \ + file://0005-ImageMagick-Fix-CVE-2025-53019.patch \ " SRCREV = "35b4991eb0939a327f3489988c366e21068b0178" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#122623): https://lists.openembedded.org/g/openembedded-devel/message/122623 Mute This Topic: https://lists.openembedded.org/mt/116753532/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
