Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25796
Backport the patch that mentions the related Github advisory[1] in its commit message. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../imagemagick/CVE-2026-25796.patch | 41 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.2-13.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25796.patch diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25796.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25796.patch new file mode 100644 index 0000000000..aa77f22066 --- /dev/null +++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25796.patch @@ -0,0 +1,41 @@ +From 0564895c393d0aa21578739ad3126a447a4beace Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra <[email protected]> +Date: Fri, 6 Feb 2026 21:10:47 +0100 +Subject: [PATCH] Prevent memory leak in early exits (GHSA-g2pr-qxjg-7r2w) + +CVE: CVE-2026-25796 +Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/93ad259ce4f6d641eea0bee73f374af90f35efc3] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + coders/stegano.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/coders/stegano.c b/coders/stegano.c +index 9f5eb6b80..b68d6ce6d 100644 +--- a/coders/stegano.c ++++ b/coders/stegano.c +@@ -150,15 +150,22 @@ static Image *ReadSTEGANOImage(const ImageInfo *image_info, + return(DestroyImage(image)); + watermark->depth=MAGICKCORE_QUANTUM_DEPTH; + if (AcquireImageColormap(image,MaxColormapSize,exception) == MagickFalse) +- ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); ++ { ++ watermark=DestroyImage(watermark); ++ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); ++ } + if (image_info->ping != MagickFalse) + { ++ watermark=DestroyImage(watermark); + (void) CloseBlob(image); + return(GetFirstImageInList(image)); + } + status=SetImageExtent(image,image->columns,image->rows,exception); + if (status == MagickFalse) +- return(DestroyImageList(image)); ++ { ++ watermark=DestroyImage(watermark); ++ return(DestroyImageList(image)); ++ } + for (y=0; y < (ssize_t) image->rows; y++) + { + q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb index 8c1e8eb926..bb1272d512 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb @@ -23,6 +23,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://CVE-2026-25638.patch \ file://CVE-2026-25794.patch \ file://CVE-2026-25795.patch \ + file://CVE-2026-25796.patch \ " SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124913): https://lists.openembedded.org/g/openembedded-devel/message/124913 Mute This Topic: https://lists.openembedded.org/mt/118171767/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
