Overview

File ImageMagick-CVE-2017-11750,12676,12643.patch of Package ImageMagick.12053

Index: ImageMagick-6.8.8-1/coders/png.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/png.c	2018-01-12 13:44:37.427074741 +0100
+++ ImageMagick-6.8.8-1/coders/png.c	2018-01-12 13:47:44.954186147 +0100
@@ -4289,6 +4289,13 @@ static Image *ReadOneJNGImage(MngInfo *m
 
     if (length)
       {
+         if (length > GetBlobSize(image))
+           {
+             DestroyJNG(NULL,&color_image,&color_image_info,&alpha_image,&alpha_image_info);
+             ThrowReaderException(CorruptImageError,
+               "InsufficientImageDataInFile");
+           }
+
         chunk=(unsigned char *) AcquireQuantumMemory(length,sizeof(*chunk));
 
         if (chunk == (unsigned char *) NULL)
@@ -5181,6 +5188,9 @@ static Image *ReadOneMNGImage(MngInfo* m
 
         if (length)
           {
+            if (length > GetBlobSize(image))
+              ThrowReaderException(CorruptImageError,
+                                   "InsufficientImageDataInFile");
             chunk=(unsigned char *) AcquireQuantumMemory(length,sizeof(*chunk));
 
             if (chunk == (unsigned char *) NULL)
openSUSE Build Service is sponsored by
Places