packages/ImageMagick
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2025-43965 and CVE-2025-46393

Browse Source 
(cherry picked from commit 746eeaed29da1b420591520df72e6d2216ff5f08)
This commit is contained in:
starlet-dx 2025-04-29 17:22:13 +08:00 committed by openeuler-sync-bot
parent ac00081555
commit e8126f9540
3 changed files with 64 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
CVE-2025-43965.patch Normal file
View File

@ -0,0 +1,22 @@
From bac413a26073923d3ffb258adaab07fb3fe8fdc9 Mon Sep 17 00:00:00 2001
From: Dirk Lemstra <dirk@lemstra.org>
Date: Sat, 8 Feb 2025 23:31:39 +0100
Subject: [PATCH] Update the image depth after this has been changed by
SetQuantumFormat.
---
coders/miff.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/coders/miff.c b/coders/miff.c
index 66f8d3850bf..77e92500679 100644
--- a/coders/miff.c
+++ b/coders/miff.c
@@ -1335,6 +1335,7 @@ static Image *ReadMIFFImage(const ImageInfo *image_info,
if (quantum_format != UndefinedQuantumFormat)
{
status=SetQuantumFormat(image,quantum_info,quantum_format);
+ image->depth=quantum_info->depth;
if (status == MagickFalse)
ThrowMIFFException(ResourceLimitError,"MemoryAllocationFailed");
}

36
CVE-2025-46393.patch Normal file
View File

@ -0,0 +1,36 @@
From 81ac8a0d2eb21739842ed18c48c7646b7eef65b8 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Fri, 7 Feb 2025 20:57:15 -0500
Subject: [PATCH] multispectral MIFF images renders all channels in arbitrary
order
---
coders/miff.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/coders/miff.c b/coders/miff.c
index 355455bc50e..398f66d0b66 100644
--- a/coders/miff.c
+++ b/coders/miff.c
@@ -1347,10 +1347,10 @@ static Image *ReadMIFFImage(const ImageInfo *image_info,
packet_size+=image->depth/8;
if (image->colorspace == CMYKColorspace)
packet_size+=image->depth/8;
+ if (image->number_meta_channels != 0)
+ packet_size=GetImageChannels(image)*image->depth/8;
if (image->compression == RLECompression)
packet_size++;
- if (image->number_meta_channels != 0)
- packet_size+=image->number_meta_channels*image->depth/8;
compress_extent=MagickMax(MagickMax(BZipMaxExtent(packet_size*
image->columns),LZMAMaxExtent(packet_size*image->columns)),
ZipMaxExtent(packet_size*image->columns));
@@ -2171,7 +2171,7 @@ static MagickBooleanType WriteMIFFImage(const ImageInfo *image_info,
if (compression == RLECompression)
packet_size++;
if (image->number_meta_channels != 0)
- packet_size+=image->number_meta_channels*image->depth/8;
+ packet_size=GetImageChannels(image)*image->depth/8;
length=MagickMax(BZipMaxExtent(packet_size*image->columns),ZipMaxExtent(
packet_size*image->columns));
if ((compression == BZipCompression) || (compression == ZipCompression))

7
ImageMagick.spec
View File

@ -1,7 +1,7 @@
Name: ImageMagick
Epoch: 1
Version: 7.1.1.8
Release: 5
Release: 6
Summary: Create, edit, compose, or convert bitmap images
License: ImageMagick and MIT
Url: http://www.imagemagick.org/
@ -11,6 +11,8 @@ Patch1: CVE-2023-34153.patch
Patch2: CVE-2023-34474-and-CVE-2023-34475.patch
Patch3: CVE-2023-3428.patch
Patch4: CVE-2023-5341.patch
Patch5: CVE-2025-43965.patch
Patch6: CVE-2025-46393.patch
BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
@ -165,6 +167,9 @@ rm PerlMagick/demo/Generic.ttf
%{_libdir}/pkgconfig/ImageMagick*
%changelog
* Tue Apr 29 2025 yaoxin <1024769339@qq.com> - 1:7.1.1.8-6
- Fix CVE-2025-43965 and CVE-2025-46393
* Sat Oct 7 2023 liningjie <liningjie@xfusion.com> - 1:7.1.1.8-5
- Fix CVE-2023-5341