Fix CVE-2026-22770 with patch provided by NVD advisory. Link: https://nvd.nist.gov/vuln/detail/CVE-2026-22770
Signed-off-by: Bhabu Bindu <[email protected]> --- .../imagemagick/CVE-2026-22770.patch | 41 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.1.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-22770.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-22770.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-22770.patch new file mode 100644 index 0000000000..a89a8b9d3c --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-22770.patch @@ -0,0 +1,41 @@ +From 3e0330721020e0c5bb52e4b77c347527dd71658e Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra <[email protected]> +Date: Sun, 4 Jan 2026 15:26:48 +0100 +Subject: [PATCH] Correct memset initialization and add an overflow check + (GHSA-39h3-g67r-7g3c) + +CVE: CVE-2026-22770 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e] +Signed-off-by: Bhabu Bindu <[email protected]> +--- + MagickCore/effect.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/MagickCore/effect.c b/MagickCore/effect.c +index a343e42259d..b2fdf626cb1 100644 +--- a/MagickCore/effect.c ++++ b/MagickCore/effect.c +@@ -876,16 +876,21 @@ static double **AcquireBilateralTLS(const size_t number_threads, + double + **weights; + ++ size_t ++ count; ++ + ssize_t + i; + ++ if (HeapOverflowSanityCheckGetSize(height,sizeof(**weights),&count) != MagickFalse) ++ return((double **) NULL); + weights=(double **) AcquireQuantumMemory(number_threads+1,sizeof(*weights)); + if (weights == (double **) NULL) + return((double **) NULL); +- (void) memset(weights,0,number_threads*sizeof(*weights)); ++ (void) memset(weights,0,(number_threads+1)*sizeof(*weights)); + for (i=0; i <= (ssize_t) number_threads; i++) + { +- weights[i]=(double *) AcquireQuantumMemory(width,height*sizeof(**weights)); ++ weights[i]=(double *) AcquireQuantumMemory(width,count); + if (weights[i] == (double *) NULL) + return(DestroyBilateralTLS(number_threads,weights)); + } diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb index 99632967c2..94b2df10a2 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb @@ -25,6 +25,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2025-57807.patch \ file://CVE-2025-62171.patch \ file://CVE-2025-65955.patch \ + file://CVE-2026-22770.patch \ " SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124441): https://lists.openembedded.org/g/openembedded-devel/message/124441 Mute This Topic: https://lists.openembedded.org/mt/117854159/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
