[oe] [meta-oe][kirkstone][PATCH 1/5] imagemagick: patch CVE-2022-1115

Wed, 24 Dec 2025 11:34:43 -0800 

Details: https://nvd.nist.gov/vuln/detail/CVE-2022-1115

Pick the patch referenced in the NVD report.
Tested successfully against the PoC described in the related Github issue[1].

[1]: https://github.com/ImageMagick/ImageMagick/issues/4974

Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../imagemagick/files/CVE-2022-1115.patch     | 25 +++++++++++++++++++
 .../imagemagick/imagemagick_7.0.10.bb         |  1 +
 2 files changed, 26 insertions(+)
 create mode 100644 
meta-oe/recipes-support/imagemagick/files/CVE-2022-1115.patch

diff --git a/meta-oe/recipes-support/imagemagick/files/CVE-2022-1115.patch 
b/meta-oe/recipes-support/imagemagick/files/CVE-2022-1115.patch
new file mode 100644
index 0000000000..51a441cfe3
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/files/CVE-2022-1115.patch
@@ -0,0 +1,25 @@
+From 0d8ca198fd90d882e524a3bc2eed55aff5c737c1 Mon Sep 17 00:00:00 2001
+From: Cristy <[email protected]>
+Date: Tue, 22 Mar 2022 20:11:27 -0400
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/4974
+
+CVE: CVE-2022-1115
+Upstream-Status: Backport 
[https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ coders/tiff.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/coders/tiff.c b/coders/tiff.c
+index d8e9a8953..c3767c8c3 100644
+--- a/coders/tiff.c
++++ b/coders/tiff.c
+@@ -1993,7 +1993,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
+         number_pixels=(MagickSizeType) columns*rows;
+         if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse)
+           ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
+-        extent=TIFFTileSize(tiff);
++        extent=4*MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff));
+ #if defined(TIFF_VERSION_BIG)
+         extent+=columns*sizeof(uint64);
+ #else
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb 
b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
index 0b2eeb2ad4..350b504400 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
@@ -45,6 +45,7 @@ SRC_URI = 
"git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
     file://0011-ImageMagick-Add-support-patch-2-to-fix-CVE-2023-3415.patch \
     file://0011-ImageMagick-Add-support-patch-3-to-fix-CVE-2023-3415.patch \
     file://0011-ImageMagick-Fix-CVE-2023-34151.patch \
+    file://CVE-2022-1115.patch \
 "
 
 SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#122892): 
https://lists.openembedded.org/g/openembedded-devel/message/122892
Mute This Topic: https://lists.openembedded.org/mt/116933501/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to