Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24485
Backport the patch that is referenced by the NVD advisory. Note that the backport is much shorter than the upstream version, only the macro change from the top was backported. There are two reasons for this: 1. The omitted part fails to apply to this version. 2. The omitted part also doesn't introduce any changes. In one part it only shuffles around variable names: it consolidates variable declarations to avoid duplication, without any logic change, and in the other part it introduces a new dedicated "extent" variable to store memory size (instead of "size" variable), but that is also just cosmetics, and introduces no change in the code. The actual fix is in the macro change, which is in this patch. Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../imagemagick/CVE-2026-24485.patch | 45 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.2-13.bb | 1 + 2 files changed, 46 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24485.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24485.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24485.patch new file mode 100644 index 0000000000..7196aaeb4d --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24485.patch @@ -0,0 +1,45 @@ +From 8b1f339454f9896e518f4c20482e150a9eefb304 Mon Sep 17 00:00:00 2001 +From: Cristy <[email protected]> +Date: Thu, 22 Jan 2026 19:25:35 -0500 +Subject: [PATCH] + https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85 + +CVE: CVE-2026-24485 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + coders/pcd.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/coders/pcd.c b/coders/pcd.c +index db613504f..9477c75c0 100644 +--- a/coders/pcd.c ++++ b/coders/pcd.c +@@ -116,19 +116,26 @@ static MagickBooleanType DecodeImage(Image *image,unsigned char *luma, + #define IsSync(sum) ((sum & 0xffffff00UL) == 0xfffffe00UL) + #define PCDGetBits(n) \ + { \ ++ ssize_t \ ++ byte_count = 0x800; \ ++ \ + sum=(sum << n) & 0xffffffff; \ + bits-=n; \ + while (bits <= 24) \ + { \ + if (p >= (buffer+0x800)) \ + { \ +- (void) ReadBlob(image,0x800,buffer); \ ++ byte_count=ReadBlob(image,0x800,buffer); \ ++ if (byte_count != 0x800) \ ++ break; \ + p=buffer; \ + } \ + sum|=(((unsigned int) (*p)) << (24-bits)); \ + bits+=8; \ + p++; \ + } \ ++ if (byte_count != 0x800) \ ++ break; \ + } + + typedef struct PCDTable diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb index 991b2e363d..3e2d3ab344 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb @@ -17,6 +17,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://imagemagick-ptest.sh \ file://CVE-2026-24481.patch \ file://CVE-2026-24484.patch \ + file://CVE-2026-24485.patch \ " SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124907): https://lists.openembedded.org/g/openembedded-devel/message/124907 Mute This Topic: https://lists.openembedded.org/mt/118171759/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
