From b2ddc0105367241b23a45c7dd2dc1b64525b0913 Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Mon, 8 Sep 2025 09:51:04 +0800
Subject: [PATCH] Fix CVE-2025-57807

(cherry picked from commit 8a99da7c329e15d39ffbd992b2390b06bf7f8602)
---
 CVE-2025-57807.patch | 42 ++++++++++++++++++++++++++++++++++++++++++
 ImageMagick.spec     |  6 +++++-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2025-57807.patch

diff --git a/CVE-2025-57807.patch b/CVE-2025-57807.patch
new file mode 100644
index 0000000..0b000ff
--- /dev/null
+++ b/CVE-2025-57807.patch
@@ -0,0 +1,42 @@
+From 077a417a19a5ea8c85559b602754a5b928eef23e Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Sun, 24 Aug 2025 12:32:18 -0400
+Subject: [PATCH] 
+ https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hqfg
+
+---
+ MagickCore/blob.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/MagickCore/blob.c b/MagickCore/blob.c
+index dfd489d3afc..20082336a45 100644
+--- a/MagickCore/blob.c
++++ b/MagickCore/blob.c
+@@ -1630,7 +1630,7 @@ static inline ssize_t WriteBlobStream(Image *image,const size_t length,
+   extent=(MagickSizeType) (blob_info->offset+(MagickOffsetType) length);
+   if (extent >= blob_info->extent)
+     {
+-      extent=blob_info->extent+blob_info->quantum+length;
++      extent+=blob_info->quantum+length;
+       blob_info->quantum<<=1;
+       if (SetBlobExtent(image,extent) == MagickFalse)
+         return(0);
+@@ -5912,12 +5912,15 @@ MagickExport ssize_t WriteBlob(Image *image,const size_t length,
+     }
+     case BlobStream:
+     {
+-      if ((blob_info->offset+(MagickOffsetType) length) >=
+-          (MagickOffsetType) blob_info->extent)
++      MagickSizeType
++        extent;
++
++      extent=(MagickSizeType) (blob_info->offset+(MagickOffsetType) length);
++      if (extent >= blob_info->extent)
+         {
+           if (blob_info->mapped != MagickFalse)
+             return(0);
+-          blob_info->extent+=length+blob_info->quantum;
++          blob_info->extent=extent+blob_info->quantum+length;
+           blob_info->quantum<<=1;
+           blob_info->data=(unsigned char *) ResizeQuantumMemory(
+             blob_info->data,blob_info->extent+1,sizeof(*blob_info->data));
diff --git a/ImageMagick.spec b/ImageMagick.spec
index 0d0a22b..15c1f3a 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -1,13 +1,14 @@
 Name:           ImageMagick
 Epoch:          1
 Version:        7.1.2.2
-Release:        1
+Release:        2
 Summary:        Create, edit, compose, or convert bitmap images
 License:        ImageMagick and MIT
 Url:            http://www.imagemagick.org/
 %global VER %(foo=%{version}; echo ${foo:0:5})
 %global Patchlevel %(foo=%{version}; echo ${foo:6})
 Source0:        https://github.com/ImageMagick/ImageMagick/archive/%{VER}-%{Patchlevel}/%{name}-%{VER}-%{Patchlevel}.tar.gz
+Patch0:         CVE-2025-57807.patch
 
 BuildRequires:  bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
 BuildRequires:  libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
@@ -161,6 +162,9 @@ rm PerlMagick/demo/Generic.ttf
 %{_libdir}/pkgconfig/ImageMagick*
 
 %changelog
+* Mon Sep 08 2025 yaoxin <1024769339@qq.com> - 1:7.1.2.2-2
+- Fix CVE-2025-57807
+
 * Thu Aug 28 2025 yaoxin <1024769339@qq.com> - 1:7.1.2.2-1
 - Update to 7.1.2.2 for fix CVE-2025-55212, CVE-2025-55298, CVE-2025-57803
 
-- 
Gitee