From a9b824a5000d767776a24c2c77d0ccb4fcfc4fbb Mon Sep 17 00:00:00 2001 From: Nitin Wankhade Date: Wed, 18 Mar 2026 02:09:45 -0700 Subject: [PATCH] imagemagick: Fix CVE-2026-23876 Reference: https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8 Signed-off-by: Nitin Wankhade Signed-off-by: Gyorgy Sarvari --- .../imagemagick/files/CVE-2026-23876.patch | 63 +++++++++++++++++++ .../imagemagick/imagemagick_7.0.10.bb | 1 + 2 files changed, 64 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/files/CVE-2026-23876.patch diff --git a/meta-oe/recipes-support/imagemagick/files/CVE-2026-23876.patch b/meta-oe/recipes-support/imagemagick/files/CVE-2026-23876.patch new file mode 100644 index 0000000000..40d82c9481 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/files/CVE-2026-23876.patch @@ -0,0 +1,63 @@ +From 2fae24192b78fdfdd27d766fd21d90aeac6ea8b8 Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Sun, 18 Jan 2026 17:54:12 +0100 + +Subject: [PATCH] imagemagick: Fix CVE-2026-23876 +CVE: CVE-2026-23876 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8] +Signed-off-by: Nitin Wankhade +=== +diff --git a/coders/xbm.c b/coders/xbm.c +index b036d5e..2d6bc9c 100644 +--- a/coders/xbm.c ++++ b/coders/xbm.c +@@ -200,6 +200,10 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception) + short int + hex_digits[256]; + ++ size_t ++ bytes_per_line, ++ length; ++ + ssize_t + y; + +@@ -209,8 +213,6 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception) + unsigned int + bit, + byte, +- bytes_per_line, +- length, + padding, + version; + +@@ -340,15 +342,15 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception) + if (((image->columns % 16) != 0) && ((image->columns % 16) < 9) && + (version == 10)) + padding=1; +- bytes_per_line=(unsigned int) (image->columns+7)/8+padding; +- length=(unsigned int) image->rows; +- data=(unsigned char *) AcquireQuantumMemory(length,bytes_per_line* +- sizeof(*data)); ++ bytes_per_line=(image->columns+7)/8+padding; ++ if (HeapOverflowSanityCheckGetSize(bytes_per_line,image->rows,&length) != MagickFalse) ++ ThrowReaderException(CorruptImageError,"ImproperImageHeader"); ++ data=(unsigned char *) AcquireQuantumMemory(length,sizeof(*data)); + if (data == (unsigned char *) NULL) + ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); + p=data; + if (version == 10) +- for (i=0; i < (ssize_t) (bytes_per_line*image->rows); (i+=2)) ++ for (i=0; i < (ssize_t) length; i+=2) + { + c=XBMInteger(image,hex_digits); + if (c < 0) +@@ -361,7 +363,7 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception) + *p++=(unsigned char) (c >> 8); + } + else +- for (i=0; i < (ssize_t) (bytes_per_line*image->rows); i++) ++ for (i=0; i < (ssize_t) length; i++) + { + c=XBMInteger(image,hex_digits); + if (c < 0) diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb index a2e08afc1a..9bc857b715 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.0.10.bb @@ -53,6 +53,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2025-68618.patch \ file://CVE-2026-22770.patch \ file://CVE-2026-23874.patch \ + file://CVE-2026-23876.patch \ " SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"