git.99rst.org Git - openwrt-packages.git/commit

author	Alexandru Ardelean <redacted>
	Wed, 22 Apr 2026 09:19:52 +0000 (12:19 +0300)
committer	Alexandru Ardelean <redacted>
	Wed, 6 May 2026 18:05:36 +0000 (21:05 +0300)
commit	ad6f76e309c29b9319d988d16ce551df10027a61
tree	f0834c1e1cdf02f6a054f2217649bab1d304a027	tree \| snapshot
parent	edf0d6c70eb86fe74988992d35e05d5d82322d9a	commit \| diff

imagemagick: update to 7.1.2-21

Security fixes (18 GHSAs addressed between 7.1.2-1 and 7.1.2-21):
- Fix stack buffer overflow in MagnifyImage (GHSA-rqq8-jh93-f4vg, high)
- Fix heap buffer overflow in WaveletDenoiseImage (GHSA-5ggv-92r5-cp4p)
- Fix uninitialized pointer dereference in JBIG decoder (GHSA-wj8w-pjxf-9g4f, high)
- Fix heap buffer over-write in PNG encoder with large profiles (GHSA-qmw5-2p58-xvrc)
- Fix heap buffer overflow in UHDR encoder (GHSA-h95r-c8c7-mrwx)
- Fix stack buffer overflow in sixel encoder (GHSA-49hx-7656-jpg3)
- Fix heap-buffer-overflow in NewXMLTree XML parsing (GHSA-gc62-2v5p-qpmp)
- Fix heap buffer over-write on 32-bit systems in SFW decoder (GHSA-56jp-jfqg-f8f4)
- Add overflow checks to BMP/DIB, SGI, PS3, JXL, and sixel write paths

Bug fixes:
- Fix double-free in SVG gradientTransform/transform parsing
- Fix NULL pointer dereference in HEIC NCLX color profile allocation
- Fix heap over-read in BilateralBlurImage with even-dimension kernels
- Fix infinite loop when decoding JXL with -limit height/width
- Fix race condition using properties instead of global splaytree

Signed-off-by: Alexandru Ardelean <redacted>

multimedia/imagemagick/Makefile		diff \| blob \| history
multimedia/imagemagick/test.sh	[new file with mode: 0644]	blob