Projetos/rpi-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/imagemagick: security bump to v7.1.2-3

Browse Source 
This fixes the following vulnerabilities:
- CVE-2023-5341:
    A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
    https://www.cve.org/CVERecord?id=CVE-2023-5341

- CVE-2025-55004:
    ImageMagick is free and open-source software used for editing and
    manipulating digital images. Prior to version 7.1.2-1, ImageMagick is
    vulnerable to heap-buffer overflow read around the handling of images
    with separate alpha channels when performing image magnification in
    ReadOneMNGIMage. This can likely be used to leak subsequent memory
    contents into the output image. This issue has been patched in version
    7.1.2-1.
    https://www.cve.org/CVERecord?id=CVE-2025-55004

- CVE-2025-55005:
    ImageMagick is free and open-source software used for editing and
    manipulating digital images. Prior to version 7.1.2-1, when preparing
    to transform from Log to sRGB colorspaces, the logmap construction
    fails to handle cases where the reference-black or reference-white
    value is larger than 1024. This leads to corrupting memory beyond the
    end of the allocated logmap buffer. This issue has been patched in
    version 7.1.2-1.
    https://www.cve.org/CVERecord?id=CVE-2025-55005

- CVE-2025-55160:
    ImageMagick is free and open-source software used for editing and
    manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1,
    there is undefined behavior (function-type-mismatch) in splay tree
    cloning callback. This results in a deterministic abort under UBSan
    (DoS in sanitizer builds), with no crash in a non-sanitized build.
    This issue has been patched in versions 6.9.13-27 and 7.1.2-1.
    https://www.cve.org/CVERecord?id=CVE-2025-55160

Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Titouan Christophe
2025-09-03 14:43:06 +02:00
committed by Peter Korsgaard
parent c4c282f8ec
commit 0eefa1095d
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
package/imagemagick/imagemagick.hash
View File

@@ -1,3 +1,3 @@
# Locally computed
sha256 ceb972266b23dc7c1cfce0da5a7f0c9acfb4dc81f40eb542a49476fedbc2618f imagemagick-7.1.1-43.tar.gz
sha256 b16415e8694a2e15e5282d64fc7b358f309ff3a514a90eb5da268676c772de3d imagemagick-7.1.2-3.tar.gz
sha256 a556c5292c87c9a6ac795c80669b0c3660f9f729de8c476bf2b10f83ab1b34ec LICENSE

2
package/imagemagick/imagemagick.mk
View File

@@ -4,7 +4,7 @@
#
################################################################################
IMAGEMAGICK_VERSION = 7.1.1-43
IMAGEMAGICK_VERSION = 7.1.2-3
IMAGEMAGICK_SITE = $(call github,ImageMagick,ImageMagick,$(IMAGEMAGICK_VERSION))
IMAGEMAGICK_LICENSE = Apache-2.0
IMAGEMAGICK_LICENSE_FILES = LICENSE