Details: https://nvd.nist.gov/vuln/detail/CVE-2025-69204
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../imagemagick/CVE-2025-69204.patch | 71 +++++++++++++++++++
 .../imagemagick/imagemagick_7.1.1.bb | 1 +
 2 files changed, 72 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-69204.patch
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-69204.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-69204.patch
new file mode 100644
index 0000000000..855ed1a12e
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-69204.patch
@@ -0,0 +1,71 @@
+From 7167dbae8306f51d06da940b50c73452f72029f4 Mon Sep 17 00:00:00 2001
+From: Cristy <[email protected]>
+Date: Sat, 27 Dec 2025 14:37:23 -0500
+Subject: [PATCH]
+ https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hrh7-j8q2-4qcw
+
+CVE: CVE-2025-69204
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/2c08c2311693759153c9aa99a6b2dcb5f985681e]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ coders/svg.c | 27 ++++++++++++++++++++++-----
+ 1 file changed, 22 insertions(+), 5 deletions(-)
+
+diff --git a/coders/svg.c b/coders/svg.c
+index 6a069745f..09705fc39 100644
+--- a/coders/svg.c
++++ b/coders/svg.c
+@@ -1249,13 +1249,14 @@ static void SVGStartElement(void *context,const xmlChar *name,
+ name);
+ parser=(xmlParserCtxtPtr) context;
+ svg_info=(SVGInfo *) parser->_private;
+- if (svg_info->n++ > MagickMaxRecursionDepth)
++ if (svg_info->n >= MagickMaxRecursionDepth)
+ {
+ (void) ThrowMagickException(svg_info->exception,GetMagickModule(),
+ DrawError,"VectorGraphicsNestedTooDeeply","`%s'",name);
+ xmlStopParser((xmlParserCtxtPtr) context);
+ return;
+ }
++ svg_info->n++;
+ svg_info->scale=(double *) ResizeQuantumMemory(svg_info->scale,(size_t)
+ svg_info->n+1,sizeof(*svg_info->scale));
+ if (svg_info->scale == (double *) NULL)
+@@ -4721,17 +4722,33 @@ static MagickBooleanType WriteSVGImage(const ImageInfo *image_info,Image *image,
+ }
+ case PathPrimitive:
+ {
+- int
+- number_attributes;
++ size_t
++ number_attributes,
++ quantum;
+
+ (void) GetNextToken(q,&q,extent,token);
+ number_attributes=1;
+ for (p=token; *p != '\0'; p++)
+ if (isalpha((int) ((unsigned char) *p)) != 0)
+ number_attributes++;
+- if (i > ((ssize_t) number_points-6*BezierQuantum*number_attributes-1))
++ if ((6*BezierQuantum) >= (MAGICK_SSIZE_MAX/number_attributes))
+ {
+- number_points+=(size_t) (6*BezierQuantum*number_attributes);
++ (void) ThrowMagickException(exception,GetMagickModule(),
++ ResourceLimitError,"MemoryAllocationFailed","`%s'",
++ image->filename);
++ break;
++ }
++ quantum=(size_t) 6*BezierQuantum*number_attributes;
++ if (number_points >= (MAGICK_SSIZE_MAX-quantum))
++ {
++ (void) ThrowMagickException(exception,GetMagickModule(),
++ ResourceLimitError,"MemoryAllocationFailed","`%s'",
++ image->filename);
++ break;
++ }
++ if (i > (ssize_t) (number_points-quantum-1))
++ {
++ number_points+=(size_t) quantum;
+ primitive_info=(PrimitiveInfo *) ResizeQuantumMemory(primitive_info,
+ number_points,sizeof(*primitive_info));
+ if (primitive_info == (PrimitiveInfo *) NULL)
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
index 60e206e8f1..ffc26e7169 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
@@ -28,6 +28,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
 file://CVE-2025-66628.patch \
 file://CVE-2025-68618.patch \
 file://CVE-2025-68950.patch \
+ file://CVE-2025-69204.patch \
 "
 SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
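Review bot: In the WriteSVGImage hunk of the added CVE-2025-69204.patch, the new growth test `if (i > (ssize_t) (number_points-quantum-1))` does its subtraction in size_t, so whenever number_points is not larger than quantum the value wraps and the comparison only behaves as intended because the cast back to ssize_t yields a negative number on two's-complement targets. The two guards just above already keep both operands below MAGICK_SSIZE_MAX, so the arithmetic can stay signed and free of wraparound: `if (i > ((ssize_t) number_points-(ssize_t) quantum-1))`. Both new error paths raise "MemoryAllocationFailed" and `break` with primitive_info left as it was; whether the code after the switch stops writing at that point cannot be confirmed here, because WriteSVGImage begins and ends outside the hunk. As this is a backport, any such change would need to land upstream first so the recipe patch keeps matching the referenced commit.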
