imagemagick: Fix CVE-2025-68618

Reference: 6f431d445f

Signed-off-by: Nitin Wankhade <nitin.wankhade333@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Nitin Wankhade 2026-03-18 02:09:31 -07:00 committed by Gyorgy Sarvari
parent 5f2fdd2a49
commit 6afc673218
2 changed files with 96 additions and 0 deletions


@ -0,0 +1,95 @@
From 6f431d445f3ddd609c004a1dde617b0a73e60beb Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sun, 21 Dec 2025 12:43:08 -0500
Subject: [PATCH] imagemagick: Fix CVE-2025-68618
CVE: CVE-2025-68618
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb]
Signed-off-by: Nitin Wankhade <nitin.wankhade333@gmail.com>
===
diff --git a/coders/msl.c b/coders/msl.c
index 68abd7d..0e8f632 100644
--- a/coders/msl.c
+++ b/coders/msl.c
@@ -126,6 +126,7 @@ typedef struct _MSLInfo
ssize_t
n,
+ depth,
number_groups;
ImageInfo
@@ -660,13 +661,13 @@ static void MSLStartElement(void *context,const xmlChar *tag,
RectangleInfo
geometry;
- ssize_t
- i;
-
size_t
height,
width;
+ ssize_t
+ i;
+
/*
Called when an opening tag has been processed.
*/
@@ -674,6 +675,13 @@ static void MSLStartElement(void *context,const xmlChar *tag,
" SAX.startElement(%s",tag);
exception=AcquireExceptionInfo();
msl_info=(MSLInfo *) context;
+ if (msl_info->depth++ >= MagickMaxRecursionDepth)
+ {
+ (void) ThrowMagickException(msl_info->exception,GetMagickModule(),
+ DrawError,"VectorGraphicsNestedTooDeeply","`%s'",tag);
+ xmlStopParser((xmlParserCtxtPtr) context);
+ return;
+ }
n=msl_info->n;
keyword=(const char *) NULL;
value=(char *) NULL;
@@ -7430,12 +7438,12 @@ static void MSLStartElement(void *context,const xmlChar *tag,
static void MSLEndElement(void *context,const xmlChar *tag)
{
- ssize_t
- n;
-
MSLInfo
*msl_info;
+ ssize_t
+ n;
+
/*
Called when the end of an element has been detected.
*/
@@ -7525,6 +7533,7 @@ static void MSLEndElement(void *context,const xmlChar *tag)
}
if (msl_info->content != (char *) NULL)
msl_info->content=DestroyString(msl_info->content);
+ msl_info->depth--;
}
static void MSLCharacters(void *context,const xmlChar *c,int length)
diff --git a/coders/svg.c b/coders/svg.c
index 5caf8af..ab139e2 100644
--- a/coders/svg.c
+++ b/coders/svg.c
@@ -1270,7 +1270,13 @@ static void SVGStartElement(void *context,const xmlChar *name,
(void) LogMagickEvent(CoderEvent,GetMagickModule()," SAX.startElement(%s",
name);
svg_info=(SVGInfo *) context;
- svg_info->n++;
+ if (svg_info->n++ > MagickMaxRecursionDepth)
+ {
+ (void) ThrowMagickException(svg_info->exception,GetMagickModule(),
+ DrawError,"VectorGraphicsNestedTooDeeply","`%s'",name);
+ xmlStopParser((xmlParserCtxtPtr) context);
+ return;
+ }
svg_info->scale=(double *) ResizeQuantumMemory(svg_info->scale,
svg_info->n+1UL,sizeof(*svg_info->scale));
if (svg_info->scale == (double *) NULL)
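Review bot: Both new depth guards pass `context` to `xmlStopParser()` as an `xmlParserCtxtPtr` right after this tree casts the same pointer to the coder's own struct (`msl_info=(MSLInfo *) context;` in MSLStartElement, `svg_info=(SVGInfo *) context;` in SVGStartElement). Both casts cannot be correct, so on the depth-limit path libxml2 would be handed an MSLInfo/SVGInfo and would write parser state into it. This looks like a backport mismatch with an upstream tree where the callback argument is the parser context, and should be confirmed against how the push parser is created in this version. If these structs carry the parser handle as upstream's do, the calls should read `xmlStopParser(msl_info->parser);` and `xmlStopParser(svg_info->parser);`. Separately, the early `return` in MSLStartElement comes after `exception=AcquireExceptionInfo();` with no matching destroy visible, so it probably leaks that object; both function bodies continue outside the hunks.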


@ -50,6 +50,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
file://CVE-2025-62171.patch \
file://CVE-2025-43965.patch \
file://CVE-2025-66628.patch \
file://CVE-2025-68618.patch \
"
SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"