File ImageMagick-CVE-2023-34474.patch of Package ImageMagick.30954
Index: ImageMagick-7.1.0-9/coders/tim2.c
===================================================================
--- ImageMagick-7.1.0-9.orig/coders/tim2.c
+++ ImageMagick-7.1.0-9/coders/tim2.c
@@ -511,6 +511,9 @@ static MagickBooleanType ReadTIM2ImageDa
CSM
csm;
+ size_t
+ clut_size;
+
ssize_t
i;
@@ -520,12 +523,15 @@ static MagickBooleanType ReadTIM2ImageDa
/*
* ### Read CLUT Data ###
*/
- clut_data=(unsigned char *) AcquireQuantumMemory(1,header->clut_size);
+ clut_size=MagickMax(header->clut_size,(clut_depth/8)*image->colors);
+ clut_data=(unsigned char *) AcquireQuantumMemory(clut_size,
+ sizeof(*clut_data));
if (clut_data == (unsigned char *) NULL)
ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed",
image_info->filename);
- count=ReadBlob(image,header->clut_size,clut_data);
- if (count != (ssize_t) (header->clut_size))
+ (void) memset(clut_data,0,clut_size);
+ count=ReadBlob(image,clut_size,clut_data);
+ if (count != (ssize_t) clut_size)
{
clut_data=(unsigned char *) RelinquishMagickMemory(clut_data);
ThrowBinaryException(CorruptImageError,"InsufficientImageDataInFile",
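Review bot: The added `memset(clut_data,0,clut_size)` has no effect as written, because the next line requests `clut_size` bytes and the function throws unless `ReadBlob` returns exactly that many, so every zeroed byte is overwritten on the only path that keeps the buffer. When `(clut_depth/8)*image->colors` is larger than `header->clut_size`, the read also consumes more bytes than the header declares for the CLUT, which presumably rejects or mis-parses files whose declared CLUT is short. If the intent is to zero-pad a short CLUT, keep the enlarged allocation and the `memset` but read the declared length: `count=ReadBlob(image,header->clut_size,clut_data);` followed by `if (count != (ssize_t) header->clut_size)`. The body of ReadTIM2ImageData starts and ends outside this hunk, so the later indexing into `clut_data` should be checked against `clut_size`, and a short comment above the `MagickMax` line should say why the buffer may exceed the declared size.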