Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25638
Backport the patch that references the related github advisory[1] in its commit message. Just a few commits later upstream decided to slightly change the same line in a new commit[2] - this patch contains that change too. (Though functionally they seem to do the same in this case: the new version frees only one image, the original version was freeing an image list, by calling the function from the new version repeatedly). [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gxcx-qjqp-8vjw [2]: https://github.com/ImageMagick/ImageMagick/commit/6a35526c7ce2b5dd690ded6c423b6eb6c0147967 Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../imagemagick/CVE-2026-25638.patch | 26 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.2-13.bb | 1 + 2 files changed, 27 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25638.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25638.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25638.patch new file mode 100644 index 0000000000..df019d9f6b --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25638.patch @@ -0,0 +1,26 @@ +From 4a70293b882cd1bea92eab5eaa1951553109d636 Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra <[email protected]> +Date: Tue, 3 Feb 2026 22:06:12 +0100 +Subject: [PATCH] Fixed memory leak when writing MSL files + (GHSA-gxcx-qjqp-8vjw) + +CVE: CVE-2026-25638 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/1e88fca11c7b8517100d518bc99bd8c474f02f88 && +https://github.com/ImageMagick/ImageMagick/commit/6a35526c7ce2b5dd690ded6c423b6eb6c0147967] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + coders/msl.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/coders/msl.c b/coders/msl.c +index 53e3a95d1..bf764f0d5 100644 +--- a/coders/msl.c ++++ b/coders/msl.c +@@ -7887,6 +7887,7 @@ static MagickBooleanType WriteMSLImage(const ImageInfo *image_info,Image *image, + (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",image->filename); + msl_image=CloneImage(image,0,0,MagickTrue,exception); + status=ProcessMSLScript(image_info,&msl_image,exception); ++ msl_image=DestroyImage(msl_image); + return(status); + } + #endif diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb index 362ce24e59..4b5a7fbb14 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb @@ -20,6 +20,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2026-24485.patch \ file://CVE-2026-25576.patch \ file://CVE-2026-25637.patch \ + file://CVE-2026-25638.patch \ " SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124910): https://lists.openembedded.org/g/openembedded-devel/message/124910 Mute This Topic: https://lists.openembedded.org/mt/118171763/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
