pool/ImageMagick
SHA256
11
0
Fork 1
Code Issues Pull Requests Activity

Compare commits

merge into: pool:factory
Branches Tags
pool:factory pool:slfo-1.2 pool:devel pool:slfo-main
...
pull from: pool:slfo-1.2
Branches Tags
pool:factory pool:slfo-1.2 pool:devel pool:slfo-main

1 Commits
factory ... slfo-1.2

Author SHA256 Message Date
Petr Gajdos
62e38932f6 https://build.suse.de/request/show/387454 2025-08-22 14:07:17 +02:00
9 changed files with 680 additions and 0 deletions
Expand all files Collapse all files

63
ImageMagick-CVE-2025-55004.patch Normal file
View File

@@ -0,0 +1,63 @@
From 55d97055e00a7bc7ae2776c99824002fbb4a72aa Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Thu, 7 Aug 2025 19:14:00 -0400
Subject: [PATCH]
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw
---
coders/png.c | 33 ++++++++++-----------------------
1 file changed, 10 insertions(+), 23 deletions(-)
diff --git a/coders/png.c b/coders/png.c
index 5f3d33a4206..f7ae779b2fe 100644
--- a/coders/png.c
+++ b/coders/png.c
@@ -4791,37 +4791,24 @@ static Image *ReadOneJNGImage(MngReadInfo *mng_info,
jng_image=ReadImage(alpha_image_info,exception);
if (jng_image != (Image *) NULL)
- for (y=0; y < (ssize_t) image->rows; y++)
{
- s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception);
- q=GetAuthenticPixels(image,0,y,image->columns,1,exception);
- if ((s == (const Quantum *) NULL) || (q == (Quantum *) NULL))
- break;
+ image->alpha_trait=BlendPixelTrait;
+ for (y=0; y < (ssize_t) image->rows; y++)
+ {
+ s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception);
+ q=GetAuthenticPixels(image,0,y,image->columns,1,exception);
+ if ((s == (const Quantum *) NULL) || (q == (Quantum *) NULL))
+ break;
- if (image->alpha_trait != UndefinedPixelTrait)
for (x=(ssize_t) image->columns; x != 0; x--)
{
SetPixelAlpha(image,GetPixelRed(jng_image,s),q);
q+=(ptrdiff_t) GetPixelChannels(image);
s+=(ptrdiff_t) GetPixelChannels(jng_image);
}
-
- else
- for (x=(ssize_t) image->columns; x != 0; x--)
- {
- Quantum
- alpha;
-
- alpha=GetPixelRed(jng_image,s);
- SetPixelAlpha(image,alpha,q);
- if (alpha != OpaqueAlpha)
- image->alpha_trait=BlendPixelTrait;
- q+=(ptrdiff_t) GetPixelChannels(image);
- s+=(ptrdiff_t) GetPixelChannels(jng_image);
- }
-
- if (SyncAuthenticPixels(image,exception) == MagickFalse)
- break;
+ if (SyncAuthenticPixels(image,exception) == MagickFalse)
+ break;
+ }
}
(void) RelinquishUniqueFileResource(alpha_image->filename);
alpha_image=DestroyImageList(alpha_image);

32
ImageMagick-CVE-2025-55005.patch Normal file
View File

@@ -0,0 +1,32 @@
From b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Thu, 7 Aug 2025 22:05:10 -0400
Subject: [PATCH]
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp
---
MagickCore/colorspace.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c
index 7ac78a683d8..4b4866a60e4 100644
--- a/MagickCore/colorspace.c
+++ b/MagickCore/colorspace.c
@@ -2420,10 +2420,16 @@ static MagickBooleanType TransformsRGBImage(Image *image,
value=GetImageProperty(image,"reference-black",exception);
if (value != (const char *) NULL)
reference_black=StringToDouble(value,(char **) NULL);
+ if (reference_black > 1024.0)
+ reference_black=1024.0;
reference_white=ReferenceWhite;
value=GetImageProperty(image,"reference-white",exception);
if (value != (const char *) NULL)
reference_white=StringToDouble(value,(char **) NULL);
+ if (reference_white > 1024.0)
+ reference_white=1024.0;
+ if (reference_black > reference_white)
+ reference_black=reference_white;
logmap=(Quantum *) AcquireQuantumMemory((size_t) MaxMap+1UL,
sizeof(*logmap));
if (logmap == (Quantum *) NULL)

75
ImageMagick-CVE-2025-55154.patch Normal file
View File

@@ -0,0 +1,75 @@
Index: ImageMagick-7.1.2-0/coders/png.c
===================================================================
--- ImageMagick-7.1.2-0.orig/coders/png.c
+++ ImageMagick-7.1.2-0/coders/png.c
@@ -6403,7 +6403,7 @@ static Image *ReadOneMNGImage(MngReadInf
if (((mng_info->magn_methx > 0) && (mng_info->magn_methx <= 5)) &&
((mng_info->magn_methy > 0) && (mng_info->magn_methy <= 5)))
{
- png_uint_32
+ size_t
magnified_height,
magnified_width;
@@ -6417,19 +6417,19 @@ static Image *ReadOneMNGImage(MngReadInf
mng_info->magn_methy = 1;
if (mng_info->magn_methx == 1)
{
- magnified_width=mng_info->magn_ml;
+ magnified_width=(size_t) mng_info->magn_ml;
if (image->columns > 1)
magnified_width += mng_info->magn_mr;
if (image->columns > 2)
- magnified_width += (png_uint_32)
+ magnified_width += (size_t)
((image->columns-2)*(mng_info->magn_mx));
}
else
{
- magnified_width=(png_uint_32) image->columns;
+ magnified_width=(size_t) image->columns;
if (image->columns > 1)
magnified_width += mng_info->magn_ml-1;
@@ -6438,25 +6438,25 @@ static Image *ReadOneMNGImage(MngReadInf
magnified_width += mng_info->magn_mr-1;
if (image->columns > 3)
- magnified_width += (png_uint_32)
+ magnified_width += (size_t)
((image->columns-3)*(mng_info->magn_mx-1));
}
if (mng_info->magn_methy == 1)
{
- magnified_height=mng_info->magn_mt;
+ magnified_height=(size_t) mng_info->magn_mt;
if (image->rows > 1)
magnified_height += mng_info->magn_mb;
if (image->rows > 2)
- magnified_height += (png_uint_32)
+ magnified_height += (size_t)
((image->rows-2)*(mng_info->magn_my));
}
else
{
- magnified_height=(png_uint_32) image->rows;
+ magnified_height=(size_t) image->rows;
if (image->rows > 1)
magnified_height += mng_info->magn_mt-1;
@@ -6465,7 +6465,7 @@ static Image *ReadOneMNGImage(MngReadInf
magnified_height += mng_info->magn_mb-1;
if (image->rows > 3)
- magnified_height += (png_uint_32)
+ magnified_height += (size_t)
((image->rows-3)*(mng_info->magn_my-1));
}

157
ImageMagick-CVE-2025-55160.patch Normal file
View File

@@ -0,0 +1,157 @@
From 63d8769dd6a8f32f4096c71be9e08a2c081e47da Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sun, 10 Aug 2025 08:28:28 -0400
Subject: [PATCH]
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x
---
MagickCore/artifact.c | 17 ++++++++++++++++-
MagickCore/option.c | 17 ++++++++++++++++-
MagickCore/profile.c | 19 ++++++++++++++++++-
MagickCore/property.c | 18 ++++++++++++++++--
4 files changed, 66 insertions(+), 5 deletions(-)
diff --git a/MagickCore/artifact.c b/MagickCore/artifact.c
index dae6aaaf0b1..764ef75a44b 100644
--- a/MagickCore/artifact.c
+++ b/MagickCore/artifact.c
@@ -99,6 +99,21 @@
% o clone_image: the source image for artifacts to clone.
%
*/
+
+typedef char
+ *(*CloneKeyFunc)(const char *),
+ *(*CloneValueFunc)(const char *);
+
+static inline void *CloneArtifactKey(void *key)
+{
+ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key));
+}
+
+static inline void *CloneArtifactValue(void *value)
+{
+ return((void *) ((CloneValueFunc) ConstantString)((const char *) value));
+}
+
MagickExport MagickBooleanType CloneImageArtifacts(Image *image,
const Image *clone_image)
{
@@ -117,7 +132,7 @@ MagickExport MagickBooleanType CloneImageArtifacts(Image *image,
if (image->artifacts != (void *) NULL)
DestroyImageArtifacts(image);
image->artifacts=CloneSplayTree((SplayTreeInfo *) clone_image->artifacts,
- (void *(*)(void *)) ConstantString,(void *(*)(void *)) ConstantString);
+ CloneArtifactKey,CloneArtifactValue);
}
return(MagickTrue);
}
diff --git a/MagickCore/option.c b/MagickCore/option.c
index 621b0f9b26d..f844f44d6af 100644
--- a/MagickCore/option.c
+++ b/MagickCore/option.c
@@ -2361,6 +2361,21 @@ static const OptionInfo
% o clone_info: the source image info for options to clone.
%
*/
+
+typedef char
+ *(*CloneKeyFunc)(const char *),
+ *(*CloneValueFunc)(const char *);
+
+static inline void *CloneOptionKey(void *key)
+{
+ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key));
+}
+
+static inline void *CloneOptionValue(void *value)
+{
+ return((void *) ((CloneValueFunc) ConstantString)((const char *) value));
+}
+
MagickExport MagickBooleanType CloneImageOptions(ImageInfo *image_info,
const ImageInfo *clone_info)
{
@@ -2376,7 +2391,7 @@ MagickExport MagickBooleanType CloneImageOptions(ImageInfo *image_info,
if (image_info->options != (void *) NULL)
DestroyImageOptions(image_info);
image_info->options=CloneSplayTree((SplayTreeInfo *) clone_info->options,
- (void *(*)(void *)) ConstantString,(void *(*)(void *)) ConstantString);
+ CloneOptionKey,CloneOptionValue);
}
return(MagickTrue);
}
diff --git a/MagickCore/profile.c b/MagickCore/profile.c
index fac191845f1..8e38b301bb1 100644
--- a/MagickCore/profile.c
+++ b/MagickCore/profile.c
@@ -143,6 +143,23 @@ typedef struct _CMSExceptionInfo
% o clone_image: the clone image.
%
*/
+
+typedef char
+ *(*CloneKeyFunc)(const char *);
+
+typedef StringInfo
+ *(*CloneValueFunc)(const StringInfo *);
+
+static inline void *CloneProfileKey(void *key)
+{
+ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key));
+}
+
+static inline void *CloneProfileValue(void *value)
+{
+ return((void *) ((CloneValueFunc) CloneStringInfo)((const StringInfo *) value));
+}
+
MagickExport MagickBooleanType CloneImageProfiles(Image *image,
const Image *clone_image)
{
@@ -157,7 +174,7 @@ MagickExport MagickBooleanType CloneImageProfiles(Image *image,
if (image->profiles != (void *) NULL)
DestroyImageProfiles(image);
image->profiles=CloneSplayTree((SplayTreeInfo *) clone_image->profiles,
- (void *(*)(void *)) ConstantString,(void *(*)(void *)) CloneStringInfo);
+ CloneProfileKey,CloneProfileValue);
}
return(MagickTrue);
}
diff --git a/MagickCore/property.c b/MagickCore/property.c
index 09ae365dfa2..976ca34d70a 100644
--- a/MagickCore/property.c
+++ b/MagickCore/property.c
@@ -131,6 +131,21 @@
% o clone_image: the clone image.
%
*/
+
+typedef char
+ *(*CloneKeyFunc)(const char *),
+ *(*CloneValueFunc)(const char *);
+
+static inline void *ClonePropertyKey(void *key)
+{
+ return((void *) ((CloneKeyFunc) ConstantString)((const char *) key));
+}
+
+static inline void *ClonePropertyValue(void *value)
+{
+ return((void *) ((CloneValueFunc) ConstantString)((const char *) value));
+}
+
MagickExport MagickBooleanType CloneImageProperties(Image *image,
const Image *clone_image)
{
@@ -195,8 +210,7 @@ MagickExport MagickBooleanType CloneImageProperties(Image *image,
if (image->properties != (void *) NULL)
DestroyImageProperties(image);
image->properties=CloneSplayTree((SplayTreeInfo *)
- clone_image->properties,(void *(*)(void *)) ConstantString,
- (void *(*)(void *)) ConstantString);
+ clone_image->properties,ClonePropertyKey,ClonePropertyValue);
}
return(MagickTrue);
}

198
ImageMagick-filename-placeholder-regression-1.patch Normal file
View File

@@ -0,0 +1,198 @@
From 82550750ec8f79393b381c3ed349dd495bbab8a7 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sat, 19 Jul 2025 13:40:30 -0400
Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/8261
---
MagickCore/image.c | 134 +++++++++++++++++++--------------------------
1 file changed, 55 insertions(+), 79 deletions(-)
diff --git a/MagickCore/image.c b/MagickCore/image.c
index b646df17041..2f859d14208 100644
--- a/MagickCore/image.c
+++ b/MagickCore/image.c
@@ -1651,34 +1651,41 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
ExceptionInfo *exception)
{
char
- *q;
+ *p = filename,
+ pattern[MagickPathExtent];
const char
- *p;
-
- int
- c;
-
- MagickBooleanType
- canonical;
-
- ssize_t
- offset;
+ *cursor = format;
- canonical=MagickFalse;
- offset=0;
+ /*
+ Start with a copy of the format string.
+ */
(void) CopyMagickString(filename,format,MagickPathExtent);
if (IsStringTrue(GetImageOption(image_info,"filename:literal")) != MagickFalse)
return(strlen(filename));
- for (p=strchr(format,'%'); p != (char *) NULL; p=strchr(p+1,'%'))
+ while ((cursor=strchr(cursor,'%')) != (const char *) NULL)
{
- q=(char *) p+1;
- if (*q == '%')
+ const char
+ *q = cursor;
+
+ ssize_t
+ offset = (ssize_t) (cursor-format);
+
+ cursor++; /* move past '%' */
+ if (*cursor == '%')
{
- p++;
+ /*
+ Escaped %%.
+ */
+ cursor++;
continue;
}
- switch (*q)
+ /*
+ Skip padding digits like %03d.
+ */
+ if (*cursor == '0')
+ (void) strtol(cursor,(char **) &cursor,10);
+ switch (*cursor)
{
case 'd':
case 'o':
@@ -1687,93 +1694,62 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
ssize_t
count;
- q++;
- c=(*q);
- *q='\0';
- count=FormatLocaleString(filename+(p-format-offset),(size_t)
- (MagickPathExtent-(p-format-offset)),p,value);
- if ((count <= 0) || (count > (MagickPathExtent-(p-format-offset))))
+ count=FormatLocaleString(pattern,sizeof(pattern),q,value);
+ if ((count <= 0) || (count >= MagickPathExtent))
return(0);
- offset+=(ssize_t) ((q-p)-count);
- *q=(char) c;
- (void) ConcatenateMagickString(filename,q,MagickPathExtent);
- canonical=MagickTrue;
- if (*(q-1) != '%')
- break;
- p++;
+ if ((offset+count) >= MagickPathExtent)
+ return(0);
+ (void) CopyMagickString(p+offset,pattern,(size_t) (MagickPathExtent-
+ offset));
+ cursor++;
break;
}
case '[':
{
- char
- pattern[MagickPathExtent];
-
const char
- *option;
+ *end = strchr(cursor,']'),
+ *option = (const char *) NULL;
- char
- *r;
-
- ssize_t
- i;
-
- ssize_t
- depth;
+ size_t
+ extent = (size_t) (end-cursor);
/*
- Image option.
+ Handle %[key:value];
*/
- if (strchr(p,']') == (char *) NULL)
+ if (end == (const char *) NULL)
break;
- depth=1;
- r=q+1;
- for (i=0; (i < (MagickPathExtent-1L)) && (*r != '\0'); i++)
- {
- if (*r == '[')
- depth++;
- if (*r == ']')
- depth--;
- if (depth <= 0)
- break;
- pattern[i]=(*r++);
- }
- pattern[i]='\0';
- if (LocaleNCompare(pattern,"filename:",9) != 0)
+ if (extent >= sizeof(pattern))
break;
- option=(const char *) NULL;
+ (void) CopyMagickString(pattern,cursor,extent);
+ pattern[extent]='\0';
if (image != (Image *) NULL)
option=GetImageProperty(image,pattern,exception);
- if ((option == (const char *) NULL) && (image != (Image *) NULL))
+ if ((option == (const char *) NULL) && (image != (Image *)NULL))
option=GetImageArtifact(image,pattern);
if ((option == (const char *) NULL) &&
(image_info != (ImageInfo *) NULL))
option=GetImageOption(image_info,pattern);
if (option == (const char *) NULL)
break;
- q--;
- c=(*q);
- *q='\0';
- (void) CopyMagickString(filename+(p-format-offset),option,(size_t)
- (MagickPathExtent-(p-format-offset)));
- offset+=(ssize_t) strlen(pattern)-(ssize_t) strlen(option)+3;
- *q=(char) c;
- (void) ConcatenateMagickString(filename,r+1,MagickPathExtent);
- canonical=MagickTrue;
- if (*(q-1) != '%')
- break;
- p++;
+ (void) CopyMagickString(p+offset,option,(size_t) (MagickPathExtent-
+ offset));
+ cursor=end+1;
break;
}
default:
break;
}
}
- if (canonical == MagickFalse)
- (void) CopyMagickString(filename,format,MagickPathExtent);
- else
- for (q=filename; *q != '\0'; q++)
- if ((*q == '%') && (*(q+1) == '%'))
- (void) CopyMagickString(q,q+1,(size_t) (MagickPathExtent-(q-filename)));
+ for (p=filename; *p != '\0'; )
+ {
+ /*
+ Replace "%%" with "%".
+ */
+ if ((*p == '%') && (*(p+1) == '%'))
+ (void) memmove(p,p+1,strlen(p)); /* shift left */
+ else
+ p++;
+ }
return(strlen(filename));
}

14
ImageMagick-filename-placeholder-regression-2.patch Normal file
View File

@@ -0,0 +1,14 @@
diff --git a/MagickCore/image.c b/MagickCore/image.c
index 2f859d14208..c19ac09f2b5 100644
--- a/MagickCore/image.c
+++ b/MagickCore/image.c
@@ -1733,6 +1733,8 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
break;
(void) CopyMagickString(p+offset,option,(size_t) (MagickPathExtent-
offset));
+ (void) ConcatenateMagickString(p+offset+strlen(option),end+1,(size_t)
+ (MagickPathExtent-offset-strlen(option)-strlen(end)-1));
cursor=end+1;
break;
}

99
ImageMagick-filename-placeholder-regression-3.patch Normal file
View File

@@ -0,0 +1,99 @@
From 6c7c8d5866b9c0ce6cc76a741e05b9482716101e Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sat, 19 Jul 2025 16:07:21 -0400
Subject: [PATCH] more boundary checks
---
MagickCore/image.c | 35 ++++++++++++++++++++++-------------
1 file changed, 22 insertions(+), 13 deletions(-)
diff --git a/MagickCore/image.c b/MagickCore/image.c
index c19ac09f2b5..a1283ed5f19 100644
--- a/MagickCore/image.c
+++ b/MagickCore/image.c
@@ -1660,6 +1660,8 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
/*
Start with a copy of the format string.
*/
+ assert(format != (const char *) NULL);
+ assert(filename != (char *) NULL);
(void) CopyMagickString(filename,format,MagickPathExtent);
if (IsStringTrue(GetImageOption(image_info,"filename:literal")) != MagickFalse)
return(strlen(filename));
@@ -1683,7 +1685,7 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
/*
Skip padding digits like %03d.
*/
- if (*cursor == '0')
+ if (isdigit((int) ((unsigned char) *cursor)) != 0)
(void) strtol(cursor,(char **) &cursor,10);
switch (*cursor)
{
@@ -1695,9 +1697,8 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
count;
count=FormatLocaleString(pattern,sizeof(pattern),q,value);
- if ((count <= 0) || (count >= MagickPathExtent))
- return(0);
- if ((offset+count) >= MagickPathExtent)
+ if ((count <= 0) || (count >= MagickPathExtent) ||
+ ((offset+count) >= MagickPathExtent))
return(0);
(void) CopyMagickString(p+offset,pattern,(size_t) (MagickPathExtent-
offset));
@@ -1711,7 +1712,9 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
*option = (const char *) NULL;
size_t
- extent = (size_t) (end-cursor);
+ extent = (size_t) (end-cursor-1),
+ option_length,
+ tail_length;
/*
Handle %[key:value];
@@ -1720,21 +1723,27 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
break;
if (extent >= sizeof(pattern))
break;
- (void) CopyMagickString(pattern,cursor,extent);
+ (void) CopyMagickString(pattern,cursor+1,extent+1);
pattern[extent]='\0';
if (image != (Image *) NULL)
- option=GetImageProperty(image,pattern,exception);
- if ((option == (const char *) NULL) && (image != (Image *)NULL))
- option=GetImageArtifact(image,pattern);
- if ((option == (const char *) NULL) &&
+ {
+ option=GetImageProperty(image,pattern,exception);
+ if (option == (const char *) NULL)
+ option=GetImageArtifact(image,pattern);
+ }
+ if ((option == (const char *) NULL) &&
(image_info != (ImageInfo *) NULL))
option=GetImageOption(image_info,pattern);
if (option == (const char *) NULL)
break;
+ option_length=strlen(option);
+ tail_length=strlen(end+1);
+ if ((offset+option_length+tail_length+1) > MagickPathExtent)
+ return(0);
(void) CopyMagickString(p+offset,option,(size_t) (MagickPathExtent-
offset));
- (void) ConcatenateMagickString(p+offset+strlen(option),end+1,(size_t)
- (MagickPathExtent-offset-strlen(option)-strlen(end)-1));
+ (void) ConcatenateMagickString(p+offset+option_length,end+1,(size_t) (
+ MagickPathExtent-offset-option_length-tail_length-1));
cursor=end+1;
break;
}
@@ -1748,7 +1757,7 @@ MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
Replace "%%" with "%".
*/
if ((*p == '%') && (*(p+1) == '%'))
- (void) memmove(p,p+1,strlen(p)); /* shift left */
+ (void) memmove(p,p+1,strlen(p+1)+1); /* shift left */
else
p++;
}

23
ImageMagick.changes
View File

@@ -1,3 +1,26 @@
-------------------------------------------------------------------
Wed Aug 20 15:09:46 UTC 2025 - pgajdos@suse.com
- security update
- added patches
CVE-2025-55004 [bsc#1248076], heap buffer over-read in in ReadOneMNGIMage when processing images with separate alpha channels
+ ImageMagick-CVE-2025-55004.patch
CVE-2025-55005 [bsc#1248077], heap buffer overflow when transforming from Log to sRGB colorspaces
+ ImageMagick-CVE-2025-55005.patch
CVE-2025-55154 [bsc#1248078], integer overflow when performing magnified size calculations in ReadOneMNGIMage can lead to out-of-bounds write
+ ImageMagick-CVE-2025-55154.patch
CVE-2025-55160 [bsc#1248079], undefined behavior due to function-type-mismatch in CloneSplayTree
+ ImageMagick-CVE-2025-55160.patch
-------------------------------------------------------------------
Tue Aug 5 13:24:46 UTC 2025 - pgajdos@suse.com
- added patches
bsc#1247475 (https://github.com/ImageMagick/ImageMagick/issues/8261)
+ ImageMagick-filename-placeholder-regression-1.patch
+ ImageMagick-filename-placeholder-regression-2.patch
+ ImageMagick-filename-placeholder-regression-3.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jul 15 11:36:19 UTC 2025 - pgajdos@suse.com Tue Jul 15 11:36:19 UTC 2025 - pgajdos@suse.com

19
ImageMagick.spec
View File

@@ -50,6 +50,18 @@ Source3: ImageMagick.keyring
Patch0: ImageMagick-configuration-SUSE.patch Patch0: ImageMagick-configuration-SUSE.patch
Patch2: ImageMagick-library-installable-in-parallel.patch Patch2: ImageMagick-library-installable-in-parallel.patch
Patch5: ImageMagick-s390x-disable-tests.patch Patch5: ImageMagick-s390x-disable-tests.patch
# bsc#1247475 (https://github.com/ImageMagick/ImageMagick/issues/8261)
Patch6: ImageMagick-filename-placeholder-regression-1.patch
Patch7: ImageMagick-filename-placeholder-regression-2.patch
Patch8: ImageMagick-filename-placeholder-regression-3.patch
# CVE-2025-55005 [bsc#1248077], heap buffer overflow when transforming from Log to sRGB colorspaces
Patch9: ImageMagick-CVE-2025-55005.patch
# CVE-2025-55154 [bsc#1248078], integer overflow when performing magnified size calculations in ReadOneMNGIMage can lead to out-of-bounds write
Patch10: ImageMagick-CVE-2025-55154.patch
# CVE-2025-55004 [bsc#1248076], heap buffer over-read in in ReadOneMNGIMage when processing images with separate alpha channels
Patch11: ImageMagick-CVE-2025-55004.patch
# CVE-2025-55160 [bsc#1248079], undefined behavior due to function-type-mismatch in CloneSplayTree
Patch12: ImageMagick-CVE-2025-55160.patch
BuildRequires: chrpath BuildRequires: chrpath
BuildRequires: dejavu-fonts BuildRequires: dejavu-fonts
@@ -262,6 +274,13 @@ policy plus disable few other coders for reading and/or writing.
%ifarch s390x %ifarch s390x
%patch -P 5 -p1 %patch -P 5 -p1
%endif %endif
%patch -P 6 -p1
%patch -P 7 -p1
%patch -P 8 -p1
%patch -P 9 -p1
%patch -P 10 -p1
%patch -P 11 -p1
%patch -P 12 -p1
%build %build
# bsc#1088463 # bsc#1088463