File imlib-CVE-2007-3568.patch of Package imlib

The _LoadBMP function in imlib 1.9.15 and earlier allowed context-dependent
attackers to cause a denial of service (infinite loop) via a BMP image with
a Bits Per Page (BPP) value of 0.

--- Imlib/load.c
+++ Imlib/load.c
@@ -673,16 +673,30 @@
 #endif
 
   bpp = (int)word;
-  if (bpp != 1 && bpp != 4 && bpp != 8 && bpp && 16 && bpp != 24 && bpp != 32)
+
+  switch(bpp)
     {
-      fprintf(stderr, "IMLIB ERROR: unknown bitdepth in file\n");
-      return NULL;
+    case  1:
+    case  4:
+    case  8:
+    case 16:
+    case 24:
+    case 32:
+      break;
+    
+    default:
+      {
+        fprintf(stderr, "IMLIB ERROR: unknown bitdepth in file\n");
+        return NULL;
+      }
     }
+
   fread(dbuf, 4, 4, file);
 #if __BYTE_ORDER == __BIG_ENDIAN
   __bswap_32(dbuf[0]);
 #endif
   comp = (int)dbuf[0];
+
   if (comp != BI_RGB && comp != BI_RLE4 && comp != BI_RLE8 && comp != BI_BITFIELDS)
     {
       fprintf(stderr, "IMLIB ERROR: unknown encoding in Windows BMP file\n");
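Review bot: The `fread(dbuf, 4, 4, file);` right after the new switch is still unchecked, so on a truncated BMP `comp` is taken from whatever `dbuf` already held and the encoding check below validates stale data. Since this patch hardens the header parse against malformed files, the read should fail closed, for example `if (fread(dbuf, 4, 4, file) != 4) return NULL;`, with an stderr message in the style of the other branches. Separately, `__bswap_32(dbuf[0]);` in the big-endian branch discards its result; if `__bswap_32` is the usual value-returning glibc macro, `dbuf[0]` stays unswapped and valid files would fail the `comp` check on those hosts, so `dbuf[0] = __bswap_32(dbuf[0]);` looks like the intended form. The enclosing function (presumably `_LoadBMP`, per the patch description) starts and ends outside this hunk, so whether the earlier read that fills `word` has the same two problems cannot be confirmed from here.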