File ImageMagick-CVE-2025-68618.patch of Package ImageMagick.42116

From 6f431d445f3ddd609c004a1dde617b0a73e60beb Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sun, 21 Dec 2025 12:43:08 -0500
Subject: [PATCH] 
 https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637

---
 coders/msl.c | 24 ++++++++++++++++--------
 coders/svg.c |  8 +++++++-
 2 files changed, 23 insertions(+), 9 deletions(-)

Index: ImageMagick-7.1.0-9/coders/msl.c
===================================================================
--- ImageMagick-7.1.0-9.orig/coders/msl.c
+++ ImageMagick-7.1.0-9/coders/msl.c
@@ -125,6 +125,7 @@ typedef struct _MSLInfo
     *exception;
 
   ssize_t
+    depth,
     n,
     number_groups;
 
@ -352,6 +352,13 @@ static void MSLStartElement(void *context,const xmlChar *tag,
   exception=AcquireExceptionInfo();
   parser=(xmlParserCtxtPtr) context;
   msl_info=(MSLInfo *) parser->_private;
+  if (msl_info->depth++ >= MagickMaxRecursionDepth)
+    {
+      (void) ThrowMagickException(msl_info->exception,GetMagickModule(),
+        DrawError,"VectorGraphicsNestedTooDeeply","`%s'",tag);
+      xmlStopParser((xmlParserCtxtPtr) context);
+      return;
+    }
   n=msl_info->n;
   keyword=(const char *) NULL;
   value=(char *) NULL;
@@ -7158,6 +7165,7 @@ static void MSLEndElement(void *context,const xmlChar *tag)
   }
   if (msl_info->content != (char *) NULL)
     msl_info->content=DestroyString(msl_info->content);
+  msl_info->depth--;
 }

 static void MSLCharacters(void *context,const xmlChar *c,int length)
Index: ImageMagick-7.1.0-9/coders/svg.c
===================================================================
--- ImageMagick-7.1.0-9.orig/coders/svg.c
+++ ImageMagick-7.1.0-9/coders/svg.c
@@ -1570,7 +1570,13 @@ static void SVGStartElement(void *contex
   (void) LogMagickEvent(CoderEvent,GetMagickModule(),"  SAX.startElement(%s",
     name);
   svg_info=(SVGInfo *) context;
-  svg_info->n++;
+  if (svg_info->n++ > MagickMaxRecursionDepth)
+    {
+      (void) ThrowMagickException(svg_info->exception,GetMagickModule(),
+        DrawError,"VectorGraphicsNestedTooDeeply","`%s'",name);
+      xmlStopParser((xmlParserCtxtPtr) context);
+      return;
+    }
   svg_info->scale=(double *) ResizeQuantumMemory(svg_info->scale,
     svg_info->n+1UL,sizeof(*svg_info->scale));
   if (svg_info->scale == (double *) NULL)