imagemagick: patch CVE-2025-69204

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-69204 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-02 02:49:12 +00:00 · 2026-03-11 20:04:18 +01:00 · 2026-03-11 20:04:18 +01:00 · b79eee49df
commit b79eee49df
parent 1c317cf2c8
2 changed files with 72 additions and 0 deletions
--- a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-69204.patch
+++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-69204.patch
@ -0,0 +1,71 @@
+From 7167dbae8306f51d06da940b50c73452f72029f4 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Sat, 27 Dec 2025 14:37:23 -0500
+Subject: [PATCH] 
+ https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hrh7-j8q2-4qcw
+
+CVE: CVE-2025-69204
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/2c08c2311693759153c9aa99a6b2dcb5f985681e]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ coders/svg.c | 27 ++++++++++++++++++++++-----
+ 1 file changed, 22 insertions(+), 5 deletions(-)
+
+diff --git a/coders/svg.c b/coders/svg.c
+index 6a069745f..09705fc39 100644
+--- a/coders/svg.c
+++ b/coders/svg.c
+@@ -1249,13 +1249,14 @@ static void SVGStartElement(void *context,const xmlChar *name,
+     name);
+   parser=(xmlParserCtxtPtr) context;
+   svg_info=(SVGInfo *) parser->_private;
+-  if (svg_info->n++ > MagickMaxRecursionDepth)
+  if (svg_info->n >= MagickMaxRecursionDepth)
+     {
+       (void) ThrowMagickException(svg_info->exception,GetMagickModule(),
+         DrawError,"VectorGraphicsNestedTooDeeply","`%s'",name);
+       xmlStopParser((xmlParserCtxtPtr) context);
+       return;
+     }
+  svg_info->n++;
+   svg_info->scale=(double *) ResizeQuantumMemory(svg_info->scale,(size_t)
+     svg_info->n+1,sizeof(*svg_info->scale));
+   if (svg_info->scale == (double *) NULL)
+@@ -4721,17 +4722,33 @@ static MagickBooleanType WriteSVGImage(const ImageInfo *image_info,Image *image,
+       }
+       case PathPrimitive:
+       {
+-        int
+-          number_attributes;
+        size_t
+          number_attributes,
+          quantum;
+ 
+         (void) GetNextToken(q,&q,extent,token);
+         number_attributes=1;
+         for (p=token; *p != '\0'; p++)
+           if (isalpha((int) ((unsigned char) *p)) != 0)
+             number_attributes++;
+-        if (i > ((ssize_t) number_points-6*BezierQuantum*number_attributes-1))
+        if ((6*BezierQuantum) >= (MAGICK_SSIZE_MAX/number_attributes))
+           {
+-            number_points+=(size_t) (6*BezierQuantum*number_attributes);
+            (void) ThrowMagickException(exception,GetMagickModule(),
+              ResourceLimitError,"MemoryAllocationFailed","`%s'",
+              image->filename);
+            break;
+          }
+        quantum=(size_t) 6*BezierQuantum*number_attributes;
+        if (number_points >= (MAGICK_SSIZE_MAX-quantum))
+          {
+            (void) ThrowMagickException(exception,GetMagickModule(),
+              ResourceLimitError,"MemoryAllocationFailed","`%s'",
+              image->filename);
+            break;
+          }
+        if (i > (ssize_t) (number_points-quantum-1))
+          {
+            number_points+=(size_t) quantum;
+             primitive_info=(PrimitiveInfo *) ResizeQuantumMemory(primitive_info,
+               number_points,sizeof(*primitive_info));
+             if (primitive_info == (PrimitiveInfo *) NULL)
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
@ -28,6 +28,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
           file://CVE-2025-66628.patch \
           file://CVE-2025-68618.patch \
           file://CVE-2025-68950.patch \
+           file://CVE-2025-69204.patch \
           "
 SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"