Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25637
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <[email protected]>
---
.../imagemagick/CVE-2026-25637.patch | 41 +++++++++++++++++++
.../imagemagick/imagemagick_7.1.2-13.bb | 1 +
2 files changed, 42 insertions(+)
create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25637.patch
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25637.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25637.patch
new file mode 100644
index 0000000000..030a833966
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25637.patch
@@ -0,0 +1,41 @@
+From b5cf2b185d6b08eae82a401483623ab780dcfc25 Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <[email protected]>
+Date: Wed, 4 Feb 2026 17:19:53 +0100
+Subject: [PATCH] Fixed possible memory leak (GHSA-gm37-qx7w-p258)
+
+CVE: CVE-2026-25637
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/30ce0e8efbd72fd6b50ed3a10ae22f57c8901137]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ coders/ashlar.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/coders/ashlar.c b/coders/ashlar.c
+index e94cd473d..a6c8c769c 100644
+--- a/coders/ashlar.c
++++ b/coders/ashlar.c
+@@ -655,13 +655,13 @@ static Image *ASHLARImage(ImageInfo *image_info,Image *image,
+ *label,
+ offset[MagickPathExtent];
+
+- DrawInfo
+- *draw_info = CloneDrawInfo(image_info,(DrawInfo *) NULL);
+-
+ label=InterpretImageProperties((ImageInfo *) image_info,tile_image,
+ value,exception);
+ if (label != (const char *) NULL)
+ {
++ DrawInfo
++ *draw_info = CloneDrawInfo(image_info,(DrawInfo *) NULL);
++
+ (void) CloneString(&draw_info->text,label);
+ label=DestroyString(label);
+ (void) FormatLocaleString(offset,MagickPathExtent,"%+g%+g",(double)
+@@ -669,6 +669,7 @@ static Image *ASHLARImage(ImageInfo *image_info,Image *image,
+ geometry.y/2.0+4);
+ (void) CloneString(&draw_info->geometry,offset);
+ status=AnnotateImage(ashlar_image,draw_info,exception);
++ draw_info=DestroyDrawInfo(draw_info);
+ }
+ }
+ #if defined(MAGICKCORE_OPENMP_SUPPORT)
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb
index 6e0b42cd2a..362ce24e59 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb
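Review bot: The `From b5cf2b185d6b08eae82a401483623ab780dcfc25` line at the top of the added patch names a different commit than the `Upstream-Status: Backport` URL, which points at 30ce0e8efbd72fd6b50ed3a10ae22f57c8901137, so the header does not make clear which id is the upstream fix. This is presumably an artifact of regenerating the patch from a local cherry-pick, but for a CVE backport the two `coders/ashlar.c` hunks should be compared against the cited upstream commit to confirm nothing else rode along. Adding a line such as `(cherry picked from commit 30ce0e8efbd72fd6b50ed3a10ae22f57c8901137)` to the patch description would remove the ambiguity. The body of ASHLARImage continues outside both inner hunks, so only the visible clone/destroy pairing of `draw_info` inside the `if (label != (const char *) NULL)` block could be checked here.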
@@ -19,6 +19,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
 file://CVE-2026-24484.patch \
 file://CVE-2026-24485.patch \
 file://CVE-2026-25576.patch \
+ file://CVE-2026-25637.patch \
 "
 SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e"
