Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57803
Backport the patch that is mentioned in the NVD advisory.

Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../imagemagick/CVE-2025-57803.patch | 60 +++++++++++++++++++
 .../imagemagick/imagemagick_7.1.1.bb | 1 +
 2 files changed, 61 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-57803.patch

diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-57803.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-57803.patch
new file mode 100644
index 0000000000..0eaf3af163
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-57803.patch
@@ -0,0 +1,60 @@
+From 28b22daea4382d3599ea5a5369354d044c51b124 Mon Sep 17 00:00:00 2001
+From: Cristy <[email protected]>
+Date: Sat, 23 Aug 2025 09:18:40 -0400
+Subject: [PATCH]
+ https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mxvv-97wh-cfmm
+
+CVE: CVE-2025-57803
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/2c55221f4d38193adcb51056c14cf238fbcc35d7]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ coders/bmp.c | 20 ++++++++++++++++----
+ 1 file changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/coders/bmp.c b/coders/bmp.c
+index e05659b22..5c75e7f23 100644
+--- a/coders/bmp.c
++++ b/coders/bmp.c
+@@ -516,6 +516,11 @@ static MagickBooleanType IsBMP(const unsigned char *magick,const size_t length)
+ %
+ */
+ 
++static inline MagickBooleanType BMPOverflowCheck(size_t x,size_t y)
++{
++ return((y != 0) && (x > 4294967295UL/y) ? MagickTrue : MagickFalse);
++}
++
+ static Image *ReadEmbedImage(const ImageInfo *image_info,Image *image,
+ const char *magick,ExceptionInfo *exception)
+ {
+@@ -609,6 +614,7 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ size_t
+ bit,
+ bytes_per_line,
++ extent,
+ length;
+ 
+ ssize_t
+@@ -1110,12 +1116,18 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ if (bmp_info.compression == BI_RLE4)
+ bmp_info.bits_per_pixel<<=1;
+- bytes_per_line=4*((image->columns*bmp_info.bits_per_pixel+31)/32);
+- length=(size_t) bytes_per_line*image->rows;
++ extent=image->columns*bmp_info.bits_per_pixel;
++ bytes_per_line=4*((extent+31)/32);
++ if (BMPOverflowCheck(bytes_per_line,image->rows) != MagickFalse)
++ ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
++ length=bytes_per_line*image->rows;
+ if ((MagickSizeType) (length/256) > blob_size)
+ ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
+- pixel_info=AcquireVirtualMemory(image->rows,
+- MagickMax(bytes_per_line,image->columns+1UL)*sizeof(*pixels));
++ extent=MagickMax(bytes_per_line,image->columns+1UL);
++ if ((BMPOverflowCheck(image->rows,extent) != MagickFalse) ||
++ (BMPOverflowCheck(extent,sizeof(*pixels)) != MagickFalse))
++ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
++ pixel_info=AcquireVirtualMemory(image->rows,extent*sizeof(*pixels));
+ if (pixel_info == (MemoryInfo *) NULL)
+ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+ pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info);
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
index b299f0d2b6..14a9d1eefa 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
@@ -21,6 +21,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
 file://CVE-2025-55154.patch \
 file://CVE-2025-55160.patch \
 file://CVE-2025-55212.patch \
+ file://CVE-2025-57803.patch \
 "
 
 SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
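Review bot: In the backported ReadBMPImage hunk at -1110, `extent=image->columns*bmp_info.bits_per_pixel;` is computed without a guard, so where size_t is 32 bits the product can wrap before `BMPOverflowCheck(bytes_per_line,image->rows)` runs, and that check then passes on an already-truncated stride. Unless a width limit outside the hunk already bounds `image->columns`, a guard such as `if (BMPOverflowCheck(image->columns,bmp_info.bits_per_pixel) != MagickFalse) ThrowReaderException(CorruptImageError,"ImproperImageHeader");` ahead of that line would close the gap. BMPOverflowCheck also hard-codes `4294967295UL` instead of deriving the limit from size_t, which looks like a deliberate 4 GiB cap on every build but deserves a one-line comment saying so. ReadBMPImage's body starts and ends outside the hunk, and because the patch is tagged Upstream-Status: Backport any such change would have to land upstream first.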
