File ImageMagick-CVE-2025-53101.patch of Package ImageMagick.39703
From 66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Fri, 27 Jun 2025 20:02:12 -0400
Subject: [PATCH]
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9
---
MagickCore/image.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
Index: ImageMagick-7.1.0-9/MagickCore/image.c
===================================================================
--- ImageMagick-7.1.0-9.orig/MagickCore/image.c
+++ ImageMagick-7.1.0-9/MagickCore/image.c
@@ -1659,7 +1659,6 @@ MagickExport size_t InterpretImageFilena
canonical;
ssize_t
- field_width,
offset;
canonical=MagickFalse;
@@ -1675,21 +1674,23 @@ MagickExport size_t InterpretImageFilena
p=q+1;
continue;
}
- field_width=0;
- if (*q == '0')
- field_width=(ssize_t) strtol(q,&q,10);
switch (*q)
{
case 'd':
case 'o':
case 'x':
{
+ ssize_t
+ count;
+
q++;
c=(*q);
*q='\0';
- (void) FormatLocaleString(filename+(p-format-offset),(size_t)
+ count=FormatLocaleString(filename+(p-format-offset),(size_t)
(MagickPathExtent-(p-format-offset)),p,value);
- offset+=(4-field_width);
+ if ((count <= 0) || (count > (MagickPathExtent-(p-format-offset))))
+ return(0);
+ offset+=(ssize_t) ((q-p)-count);
*q=c;
(void) ConcatenateMagickString(filename,q,MagickPathExtent);
canonical=MagickTrue;