Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68618
Backport the commit that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../imagemagick/CVE-2025-68618.patch | 109 ++++++++++++++++++
 .../imagemagick/imagemagick_7.1.1.bb | 1 +
 2 files changed, 110 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-68618.patch
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-68618.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-68618.patch
new file mode 100644
index 0000000000..e5dcc248a8
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-68618.patch
@@ -0,0 +1,109 @@
+From 68f99b5094315eb3b4020f01bf9fab9a7c5c40a1 Mon Sep 17 00:00:00 2001
+From: Cristy <[email protected]>
+Date: Sun, 21 Dec 2025 12:43:08 -0500
+Subject: [PATCH]
+ https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637
+
+CVE: CVE-2025-68618
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ coders/msl.c | 24 ++++++++++++++++--------
+ coders/svg.c | 8 +++++++-
+ 2 files changed, 23 insertions(+), 9 deletions(-)
+
+diff --git a/coders/msl.c b/coders/msl.c
+index dc7a8bfd8..80468b1ff 100644
+--- a/coders/msl.c
++++ b/coders/msl.c
+@@ -120,6 +120,7 @@ typedef struct _MSLInfo
+ *exception;
+
+ ssize_t
++ depth,
+ n,
+ number_groups;
+
+@@ -328,6 +329,10 @@ static void MSLStartElement(void *context,const xmlChar *tag,
+ RectangleInfo
+ geometry;
+
++ size_t
++ height,
++ width;
++
+ ssize_t
+ i,
+ j,
+@@ -336,11 +341,6 @@ static void MSLStartElement(void *context,const xmlChar *tag,
+ x,
+ y;
+
+-
+- size_t
+- height,
+- width;
+-
+ xmlParserCtxtPtr
+ parser;
+
+@@ -352,6 +352,13 @@ static void MSLStartElement(void *context,const xmlChar *tag,
+ exception=AcquireExceptionInfo();
+ parser=(xmlParserCtxtPtr) context;
+ msl_info=(MSLInfo *) parser->_private;
++ if (msl_info->depth++ >= MagickMaxRecursionDepth)
++ {
++ (void) ThrowMagickException(msl_info->exception,GetMagickModule(),
++ DrawError,"VectorGraphicsNestedTooDeeply","`%s'",tag);
++ xmlStopParser((xmlParserCtxtPtr) context);
++ return;
++ }
+ n=msl_info->n;
+ keyword=(const char *) NULL;
+ value=(char *) NULL;
+@@ -7057,15 +7064,15 @@ static void MSLStartElement(void *context,const xmlChar *tag,
+
+ static void MSLEndElement(void *context,const xmlChar *tag)
+ {
+- ssize_t
+- n;
+-
+ MSLInfo
+ *msl_info;
+
+ xmlParserCtxtPtr
+ parser;
+
++ ssize_t
++ n;
++
+ /*
+ Called when the end of an element has been detected.
+ */
+@@ -7158,6 +7165,7 @@ static void MSLEndElement(void *context,const xmlChar *tag)
+ }
+ if (msl_info->content != (char *) NULL)
+ msl_info->content=DestroyString(msl_info->content);
++ msl_info->depth--;
+ }
+
+ static void MSLCharacters(void *context,const xmlChar *c,int length)
+diff --git a/coders/svg.c b/coders/svg.c
+index b1ac0783d..6a069745f 100644
+--- a/coders/svg.c
++++ b/coders/svg.c
+@@ -1249,7 +1249,13 @@ static void SVGStartElement(void *context,const xmlChar *name,
+ name);
+ parser=(xmlParserCtxtPtr) context;
+ svg_info=(SVGInfo *) parser->_private;
+- svg_info->n++;
++ if (svg_info->n++ > MagickMaxRecursionDepth)
++ {
++ (void) ThrowMagickException(svg_info->exception,GetMagickModule(),
++ DrawError,"VectorGraphicsNestedTooDeeply","`%s'",name);
++ xmlStopParser((xmlParserCtxtPtr) context);
++ return;
++ }
+ svg_info->scale=(double *) ResizeQuantumMemory(svg_info->scale,(size_t)
+ svg_info->n+1,sizeof(*svg_info->scale));
+ if (svg_info->scale == (double *) NULL)
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
index 40e57b7f1d..0e52519558 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
@@ -26,6 +26,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
 file://CVE-2025-62171.patch \
 file://CVE-2025-65955.patch \
 file://CVE-2025-66628.patch \
+ file://CVE-2025-68618.patch \
 "
 SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
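Review bot: The early return added to MSLStartElement in the coders/msl.c part of CVE-2025-68618.patch comes after the context line `exception=AcquireExceptionInfo();`, so the depth-limit path returns without releasing that local ExceptionInfo. Adding `exception=DestroyExceptionInfo(exception);` before the `xmlStopParser(...)` call, or running the depth check before the acquire, would close the leak on the path that hostile input is most likely to hit. The end of the function lies outside the hunk, so it is inferred that the object is otherwise released only there. The two guards also disagree: msl.c rejects at `>= MagickMaxRecursionDepth` while svg.c uses `>`, which appears to admit one more nesting level in the SVG coder, and a one-line comment stating the intended limit would make that deliberate. Because this is a backport onto the recipe's pinned SRCREV, confirm that `MagickMaxRecursionDepth` and the `VectorGraphicsNestedTooDeeply` message tag already exist in that tree.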
