[oe] [meta-oe][whinlatter][PATCH 08/11] imagemagick: patch CVE-2026-25795

Fri, 06 Mar 2026 07:06:22 -0800 

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25795

Backport the commit the references the related Github advisory[1]
explicitly in its commit message.

[1]: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmm
Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../imagemagick/CVE-2026-25795.patch          | 28 +++++++++++++++++++
 .../imagemagick/imagemagick_7.1.2-13.bb       |  1 +
 2 files changed, 29 insertions(+)
 create mode 100644 
meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25795.patch

diff --git 
a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25795.patch 
b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25795.patch
new file mode 100644
index 0000000000..8ff74a43a6
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25795.patch
@@ -0,0 +1,28 @@
+From 1a9ce954971581375f746fda76c73fc94c0b5535 Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <[email protected]>
+Date: Fri, 6 Feb 2026 21:16:10 +0100
+Subject: [PATCH] Fixed NULL pointer dereference in ReadSFWImage
+ (GHSA-p33r-fqw2-rqmm)
+
+CVE: CVE-2026-25795
+Upstream-Status: Backport 
[https://github.com/ImageMagick/ImageMagick/commit/0c7d0b9671ae2616fca106dcada45536eb4df5dc]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ coders/sfw.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/coders/sfw.c b/coders/sfw.c
+index f7ab1ef10..cc5fcedc6 100644
+--- a/coders/sfw.c
++++ b/coders/sfw.c
+@@ -317,9 +317,9 @@ static Image *ReadSFWImage(const ImageInfo 
*image_info,ExceptionInfo *exception)
+   if ((unique_file == -1) || (file == (FILE *) NULL))
+     {
+       buffer=(unsigned char *) RelinquishMagickMemory(buffer);
+-      read_info=DestroyImageInfo(read_info);
+       (void) CopyMagickString(image->filename,read_info->filename,
+         MagickPathExtent);
++      read_info=DestroyImageInfo(read_info);
+       
ThrowFileException(exception,FileOpenError,"UnableToCreateTemporaryFile",
+         image->filename);
+       image=DestroyImageList(image);
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb 
b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb
index ab73da952c..8c1e8eb926 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb
@@ -22,6 +22,7 @@ SRC_URI = 
"git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
            file://CVE-2026-25637.patch \
            file://CVE-2026-25638.patch \
            file://CVE-2026-25794.patch \
+           file://CVE-2026-25795.patch \
            "
 
 SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e"

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#124912): 
https://lists.openembedded.org/g/openembedded-devel/message/124912
Mute This Topic: https://lists.openembedded.org/mt/118171766/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to