File ImageMagick-CVE-2025-68618.patch of Package ImageMagick.42133

From 693c8497290ea0c7cac75d3068ea4fa70d7d507e Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sun, 21 Dec 2025 12:43:25 -0500
Subject: [PATCH] 
 https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637

---
 coders/msl.c      | 27 +++++++++++++++++----------
 coders/svg.c      | 13 ++++++++++---
 config/policy.xml |  1 -
 3 files changed, 27 insertions(+), 14 deletions(-)

Index: ImageMagick-6.8.8-1/coders/msl.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/msl.c
+++ ImageMagick-6.8.8-1/coders/msl.c
@@ -128,6 +128,7 @@ typedef struct _MSLInfo
     *exception;
 
   ssize_t
+    depth,
     n,
     number_groups;
 
@@ -664,6 +665,13 @@ static void MSLStartElement(void *contex
     "  SAX.startElement(%s",tag);
   GetExceptionInfo(&exception);
   msl_info=(MSLInfo *) context;
+  if (msl_info->depth++ > MagickMaxRecursionDepth)
+    {
+      (void) ThrowMagickException(msl_info->exception,GetMagickModule(),
+        DrawError,"VectorGraphicsNestedTooDeeply","`%s'",tag);
+      xmlStopParser((xmlParserCtxtPtr) context);
+      return;
+    }
   n=msl_info->n;
   keyword=(const char *) NULL;
   value=(char *) NULL;
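Review bot: The `xmlStopParser((xmlParserCtxtPtr) context)` call in the new depth guard receives the same pointer that the line above treats as `MSLInfo *`, so libxml2 would update parser-state fields inside what is actually an `MSLInfo` object. That makes the error path meant to stop a resource-exhaustion input a possible memory-corruption site; the same cast appears in the `SVGStartElement` hunk in coders/svg.c, where `context` is used as `SVGInfo *`. If the info struct stores the parser context (upstream declares a `parser` member, not visible in this hunk), the call should be `xmlStopParser(msl_info->parser);`, and likewise `svg_info->parser` in svg.c. Separately, `msl_info->depth++` still increments on the rejected path, which leaves the counter unbalanced if no matching end-element callback follows. The body of MSLStartElement continues outside the hunk.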
@@ -7456,6 +7464,7 @@ static void MSLEndElement(void *context,
   }
   if (msl_info->content != (char *) NULL)
     msl_info->content=DestroyString(msl_info->content);
+  msl_info->depth--;
 }
 
 static void MSLCharacters(void *context,const xmlChar *c,int length)
Index: ImageMagick-6.8.8-1/coders/svg.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/svg.c
+++ ImageMagick-6.8.8-1/coders/svg.c
@@ -805,6 +805,13 @@ static void SVGStartElement(void *contex
   (void) LogMagickEvent(CoderEvent,GetMagickModule(),"  SAX.startElement(%s",
     name);
   svg_info=(SVGInfo *) context;
+  if (svg_info->n >= MagickMaxRecursionDepth)
+    {
+      (void) ThrowMagickException(svg_info->exception,GetMagickModule(),
+        DrawError,"VectorGraphicsNestedTooDeeply","`%s'",name);
+      xmlStopParser((xmlParserCtxtPtr) context);
+      return;
+    }
   svg_info->n++;
   svg_info->scale=(double *) ResizeQuantumMemory(svg_info->scale,
     svg_info->n+1UL,sizeof(*svg_info->scale));
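Review bot: The limit test here, `svg_info->n >= MagickMaxRecursionDepth` before the increment, does not match the MSL guard `msl_info->depth++ > MagickMaxRecursionDepth`, so the two coders accept different maximum nesting depths for the same constant. Assuming both counters start at zero, MSL admits one more level than SVG. The form used here is the clearer one because it leaves the counter untouched on rejection, so the MSL side could adopt it as `if (msl_info->depth >= MagickMaxRecursionDepth)` followed by a separate `msl_info->depth++;`. A regression test with a document nested exactly at the limit and one level beyond it would pin the boundary for both coders.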
Index: ImageMagick-6.8.8-1/magick/studio.h
===================================================================
--- ImageMagick-6.8.8-1.orig/magick/studio.h
+++ ImageMagick-6.8.8-1/magick/studio.h
@@ -358,6 +358,7 @@ extern int vsnprintf(char *,size_t,const
 /*
   Magick defines.
 */
+#define MagickMaxRecursionDepth  600
 #define Swap(x,y) ((x)^=(y), (y)^=(x), (x)^=(y))
 #if defined(_MSC_VER)
 # define DisableMSCWarning(nr) __pragma(warning(push)) \
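Review bot: The new `MagickMaxRecursionDepth` define has no comment saying what it bounds or why 600 was chosen, and it sits in a header included throughout the library. A one-line comment such as `/* Maximum XML element nesting accepted by the MSL and SVG coders. */` would tell later backports that this is a security limit and not a tuning knob. Since this backport adds the macro to studio.h itself, wrapping it in `#ifndef MagickMaxRecursionDepth` would also avoid a redefinition if another patch in the series introduces the same name.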