From db809025cb9972a53c242d7970622c26ecf5115b Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Tue, 29 Apr 2025 17:28:58 +0800
Subject: [PATCH] Fix CVE-2025-43965
---
 CVE-2025-43965.patch | 22 ++++++++++++++++++++++
 ImageMagick.spec | 6 +++++-
 2 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2025-43965.patch
diff --git a/CVE-2025-43965.patch b/CVE-2025-43965.patch
new file mode 100644
index 0000000..3426ecf
--- /dev/null
+++ b/CVE-2025-43965.patch
@@ -0,0 +1,22 @@
+From c99cbc8d8663248bf353cd9042b04d7936e7587a Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra
+Date: Tue, 11 Feb 2025 22:34:41 +0100
+Subject: [PATCH] Update the image depth after this has been changed by
+ SetQuantumFormat.
+
+---
+ coders/miff.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/coders/miff.c b/coders/miff.c
+index f7af676a0..3ff1b9687 100644
+--- a/coders/miff.c
++++ b/coders/miff.c
+@@ -1320,6 +1320,7 @@ static Image *ReadMIFFImage(const ImageInfo *image_info,
+ if (quantum_format != UndefinedQuantumFormat)
+ {
+ status=SetQuantumFormat(image,quantum_info,quantum_format);
++ image->depth=GetImageQuantumDepth(image,MagickFalse);
+ if (status == MagickFalse)
+ ThrowMIFFException(ResourceLimitError,"MemoryAllocationFailed");
+ }
diff --git a/ImageMagick.spec b/ImageMagick.spec
index b5799f7..d245b19 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -1,7 +1,7 @@
 Name: ImageMagick
 Epoch: 1
 Version: 6.9.12.86
-Release: 5
+Release: 6
 Summary: Create, edit, compose, or convert bitmap images
 License: ImageMagick and MIT
 Url: http://www.imagemagick.org/
@@ -10,6 +10,7 @@ Patch0: CVE-2023-34151.patch
 Patch1: CVE-2023-3428.patch
 Patch2: CVE-2023-39978.patch
 Patch3: CVE-2023-5341.patch
+Patch4: CVE-2025-43965.patch
 BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
 BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
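Review bot: In the embedded coders/miff.c change, the new depth assignment sits between the SetQuantumFormat() call and its `status == MagickFalse` check, so image->depth is rewritten on the failure path as well. Placing `image->depth=GetImageQuantumDepth(image,MagickFalse);` after the ThrowMIFFException check would limit it to the success case; if the backport has to stay identical to upstream c99cbc8d, keep the order as is. The line also has no comment, and something like `/* SetQuantumFormat() may change the depth; keep image->depth in sync */` would record why it exists. ReadMIFFImage starts and ends outside the hunk, so whether later code relies on the previous depth cannot be checked from here.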
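Review bot: `Patch4: CVE-2025-43965.patch` only declares the patch, and nothing in this commit adds a matching apply step. The spec's 5 insertions and 1 deletion are fully accounted for by the Release bump, this line and the three changelog lines. If %prep uses `%autosetup -p1` or `%autopatch`, the fix is picked up automatically, but with explicit per-patch lines a `%patch4 -p1` would be needed. %prep is outside the visible hunks, so confirm from the build log that the patch is applied, since a declared but unapplied CVE patch ships the unfixed code under a changelog entry that says it is fixed.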
@@ -167,6 +168,9 @@ rm PerlMagick/demo/Generic.ttf
 %{_libdir}/pkgconfig/ImageMagick++*
 %changelog
+* Tue Apr 29 2025 yaoxin <1024769339@qq.com> - 1:6.9.12.86-6
+- Fix CVE-2025-43965
+
 * Sat Oct 7 2023 liningjie - 1:6.9.12.86-5
 - Fix CVE-2023-5341
-- 
Gitee