imagemagick: patch CVE-2025-53015

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53015 Pick the patches that are mentioned in the relevant github advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-01 13:58:06 +00:00 · 2025-10-08 22:59:05 +02:00 · 2025-10-08 22:59:05 +02:00 · 2eefeef2b7
commit 2eefeef2b7
parent ee51f8f457
3 changed files with 74 additions and 0 deletions
--- a/meta-oe/recipes-support/imagemagick/imagemagick/0001-Added-extra-checks-to-make-sure-we-don-t-get-stuck-i.patch
+++ b/meta-oe/recipes-support/imagemagick/imagemagick/0001-Added-extra-checks-to-make-sure-we-don-t-get-stuck-i.patch
@ -0,0 +1,48 @@
+From aae092a403bc79933c081c6be1be1315cb231de9 Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk@lemstra.org>
+Date: Fri, 2 May 2025 18:33:17 +0200
+Subject: [PATCH] Added extra checks to make sure we don't get stuck in the
+ while loop.
+
+CVE: CVE-2025-53015
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/229fa96a988a21d78318bbca61245a6ed1ee33a0]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ MagickCore/image-private.h |  1 +
+ MagickCore/profile.c       | 11 +++++++++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/MagickCore/image-private.h b/MagickCore/image-private.h
+index aa48b3cb5..a7cd99ccb 100644
+--- a/MagickCore/image-private.h
+++ b/MagickCore/image-private.h
+@@ -52,6 +52,7 @@ extern "C" {
+ #define MAGICK_SIZE_MAX  (SIZE_MAX)
+ #define MAGICK_SSIZE_MAX  (SSIZE_MAX)
+ #define MAGICK_SSIZE_MIN  (-SSIZE_MAX-1)
+#define MAGICK_ULONG_MAX  (ULONG_MAX)
+ #define MatteColor  "#bdbdbd"  /* gray */
+ #define MatteColorRGBA  ScaleShortToQuantum(0xbdbd),\
+   ScaleShortToQuantum(0xbdbd),ScaleShortToQuantum(0xbdbd),OpaqueAlpha
+diff --git a/MagickCore/profile.c b/MagickCore/profile.c
+index 7eea1d32f..85c180118 100644
+--- a/MagickCore/profile.c
+++ b/MagickCore/profile.c
+@@ -2571,6 +2571,17 @@ static void GetXmpNumeratorAndDenominator(double value,
+   *denominator=1;
+   if (value <= MagickEpsilon)
+     return;
+  if (value > (double) MAGICK_ULONG_MAX)
+    {
+      *numerator = MAGICK_ULONG_MAX;
+      *denominator = 1;
+      return;
+    }
+  if (floor(value) == value)
+    {
+      *numerator = (unsigned long) value;
+      *denominator = 1;
+    }
+   *numerator=1;
+   df=1.0;
+   while(fabs(df - value) > MagickEpsilon)
--- a/meta-oe/recipes-support/imagemagick/imagemagick/0002-Added-missing-return.patch
+++ b/meta-oe/recipes-support/imagemagick/imagemagick/0002-Added-missing-return.patch
@ -0,0 +1,24 @@
+From a574c6ffa818e91772a3bd37649f552b62cd416e Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk@lemstra.org>
+Date: Mon, 12 May 2025 22:23:48 +0200
+Subject: [PATCH] Added missing return.
+
+CVE: CVE-2025-53015
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/38631605e6ab744548a561797472cf8648bcfe26]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ MagickCore/profile.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/MagickCore/profile.c b/MagickCore/profile.c
+index 85c180118..a68e54f14 100644
+--- a/MagickCore/profile.c
+++ b/MagickCore/profile.c
+@@ -2581,6 +2581,7 @@ static void GetXmpNumeratorAndDenominator(double value,
+     {
+       *numerator = (unsigned long) value;
+       *denominator = 1;
+      return;
+     }
+   *numerator=1;
+   df=1.0;
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-43.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-43.bb
@ -14,6 +14,8 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>([0-9][\.|_|-]?)+)"

 SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https \
           file://0001-Correct-out-of-bounds-read-of-a-single-byte.patch \
+           file://0001-Added-extra-checks-to-make-sure-we-don-t-get-stuck-i.patch \
+           file://0002-Added-missing-return.patch \
           "
 SRCREV = "a2d96f40e707ba54b57e7d98c3277d3ea6611ace"