imagemagick: Fix CVE-2026-23876

Reference: 2fae24192b Signed-off-by: Nitin Wankhade <nitin.wankhade333@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-04-02 02:49:12 +00:00 · 2026-03-18 02:09:45 -07:00 · 2026-03-18 02:09:45 -07:00 · a9b824a500
commit a9b824a500
parent 6577243d2c
2 changed files with 64 additions and 0 deletions
--- a/meta-oe/recipes-support/imagemagick/files/CVE-2026-23876.patch
+++ b/meta-oe/recipes-support/imagemagick/files/CVE-2026-23876.patch
@ -0,0 +1,63 @@
+From 2fae24192b78fdfdd27d766fd21d90aeac6ea8b8 Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk@lemstra.org>
+Date: Sun, 18 Jan 2026 17:54:12 +0100
+
+Subject: [PATCH] imagemagick: Fix CVE-2026-23876
+CVE: CVE-2026-23876
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8]
+Signed-off-by: Nitin Wankhade <nitin.wankhade333@gmail.com>
+===
+diff --git a/coders/xbm.c b/coders/xbm.c
+index b036d5e..2d6bc9c 100644
+--- a/coders/xbm.c
+++ b/coders/xbm.c
+@@ -200,6 +200,10 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception)
+   short int
+     hex_digits[256];
+ 
+  size_t
+    bytes_per_line,
+    length;
+
+   ssize_t
+     y;
+ 
+@@ -209,8 +213,6 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception)
+   unsigned int
+     bit,
+     byte,
+-    bytes_per_line,
+-    length,
+     padding,
+     version;
+ 
+@@ -340,15 +342,15 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception)
+   if (((image->columns % 16) != 0) && ((image->columns % 16) < 9) &&
+       (version == 10))
+     padding=1;
+-  bytes_per_line=(unsigned int) (image->columns+7)/8+padding;
+-  length=(unsigned int) image->rows;
+-  data=(unsigned char *) AcquireQuantumMemory(length,bytes_per_line*
+-    sizeof(*data));
+  bytes_per_line=(image->columns+7)/8+padding;
+  if (HeapOverflowSanityCheckGetSize(bytes_per_line,image->rows,&length) != MagickFalse)
+    ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+  data=(unsigned char *) AcquireQuantumMemory(length,sizeof(*data));
+   if (data == (unsigned char *) NULL)
+     ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+   p=data;
+   if (version == 10)
+-    for (i=0; i < (ssize_t) (bytes_per_line*image->rows); (i+=2))
+    for (i=0; i < (ssize_t) length; i+=2)
+     {
+       c=XBMInteger(image,hex_digits);
+       if (c < 0)
+@@ -361,7 +363,7 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception)
+         *p++=(unsigned char) (c >> 8);
+     }
+   else
+-    for (i=0; i < (ssize_t) (bytes_per_line*image->rows); i++)
+    for (i=0; i < (ssize_t) length; i++)
+     {
+       c=XBMInteger(image,hex_digits);
+       if (c < 0)
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb
@ -53,6 +53,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
    file://CVE-2025-68618.patch \
    file://CVE-2026-22770.patch \
    file://CVE-2026-23874.patch \
+    file://CVE-2026-23876.patch \
 "

 SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"