File imlib-1.9.14-bmpoverflow.patch of Package imlib
--- imlib-1.9.14/gdk_imlib/io-bmp.c +++ imlib-1.9.14/gdk_imlib/io-bmp.c @@ -72,6 +72,10 @@ ncolors = (int)dbuf[0]; if (ncolors == 0) ncolors = 1 << bpp; + + if ((ncolors > (1 << bpp)) || (ncolors < 0)) + ncolors = 1 << bpp; + /* some more sanity checks */ if (((comp == BI_RLE4) && (bpp != 4)) || ((comp == BI_RLE8) && (bpp != 8)) || ((comp == BI_BITFIELDS) && (bpp != 16 && bpp != 32))) {