Overview

File ImageMagick-CVE-2026-24481.patch of Package ImageMagick.42998

From 51c9d33f4770cdcfa1a029199375d570af801c97 Mon Sep 17 00:00:00 2001
From: Dirk Lemstra <dirk@lemstra.org>
Date: Fri, 23 Jan 2026 13:19:06 +0100
Subject: [PATCH] Initialize the pixels with empty values to prevent possible
 heap information disclosure (GHSA-96pc-27rx-pr36)

---
 coders/psd.c | 1 +
 1 file changed, 1 insertion(+)

Index: ImageMagick-7.1.0-9/coders/psd.c
===================================================================
--- ImageMagick-7.1.0-9.orig/coders/psd.c
+++ ImageMagick-7.1.0-9/coders/psd.c
@@ -1363,6 +1363,7 @@ static MagickBooleanType ReadPSDChannelZ
       ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed",
         image->filename);
     }
+  memset(pixels,0,count*sizeof(*pixels));
   if (ReadBlob(image,compact_size,compact_pixels) != (ssize_t) compact_size)
     {
       pixels=(unsigned char *) RelinquishMagickMemory(pixels);
openSUSE Build Service is sponsored by
Places