Overview

File ImageMagick-CVE-2018-16645.patch of Package ImageMagick.19146

Index: ImageMagick-7.0.7-34/coders/bmp.c
===================================================================
--- ImageMagick-7.0.7-34.orig/coders/bmp.c	2018-09-09 20:24:23.551565906 +0200
+++ ImageMagick-7.0.7-34/coders/bmp.c	2018-09-09 20:24:23.659566427 +0200
@@ -661,6 +661,8 @@ static Image *ReadBMPImage(const ImageIn
         bmp_info.x_pixels=ReadBlobLSBLong(image);
         bmp_info.y_pixels=ReadBlobLSBLong(image);
         bmp_info.number_colors=ReadBlobLSBLong(image);
+        if (bmp_info.number_colors > GetBlobSize(image))
+          ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
         bmp_info.colors_important=ReadBlobLSBLong(image);
         if (image->debug != MagickFalse)
           {
Index: ImageMagick-7.0.7-34/coders/dib.c
===================================================================
--- ImageMagick-7.0.7-34.orig/coders/dib.c	2018-09-09 20:24:23.539565848 +0200
+++ ImageMagick-7.0.7-34/coders/dib.c	2018-09-09 20:36:38.867110399 +0200
@@ -536,6 +536,8 @@ static Image *ReadDIBImage(const ImageIn
   dib_info.x_pixels=ReadBlobLSBLong(image);
   dib_info.y_pixels=ReadBlobLSBLong(image);
   dib_info.number_colors=ReadBlobLSBLong(image);
+  if (dib_info.number_colors > GetBlobSize(image))
+    ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
   dib_info.colors_important=ReadBlobLSBLong(image);
   if ((dib_info.bits_per_pixel != 1) && (dib_info.bits_per_pixel != 4) &&
       (dib_info.bits_per_pixel != 8) && (dib_info.bits_per_pixel != 16) &&
@@ -1015,12 +1017,14 @@ ModuleExport size_t RegisterDIBImage(voi
   entry->encoder=(EncodeImageHandler *) WriteDIBImage;
   entry->magick=(IsImageFormatHandler *) IsDIB;
   entry->flags^=CoderAdjoinFlag;
+  entry->flags|=CoderDecoderSeekableStreamFlag;
   entry->flags|=CoderStealthFlag;
   (void) RegisterMagickInfo(entry);
   entry=AcquireMagickInfo("DIB","ICODIB",
     "Microsoft Windows 3.X Packed Device-Independent Bitmap");
   entry->decoder=(DecodeImageHandler *) ReadDIBImage;
   entry->magick=(IsImageFormatHandler *) IsDIB;
+  entry->flags|=CoderDecoderSeekableStreamFlag;
   entry->flags^=CoderAdjoinFlag;
   entry->flags|=CoderStealthFlag;
   (void) RegisterMagickInfo(entry);
openSUSE Build Service is sponsored by
Places