File ImageMagick-6.2.8-CVE-2008-1096.patch of Package ImageMagick
--- ImageMagick-6.2.8.orig/coders/xcf.c 2008-01-29 12:08:30.000000000 +1000
+++ ImageMagick-6.2.8/coders/xcf.c 2008-02-07 15:06:49.000000000 +1000
@@ -310,6 +310,8 @@ static int load_tile (Image* image, Imag
sizeof(*xcfdata));
graydata = (unsigned char *)xcfdata; /* used by gray and indexed */
nmemb_read_successfully = ReadBlob(image, data_length, (unsigned char *) xcfdata);
+ if (nmemb_read_successfully > (ssize_t) (tile_image->columns*tile_image->rows))
+ ThrowBinaryException(CorruptImageError,"NotEnoughPixelData",image->filename);
q=SetImagePixels(tile_image,0,0,tile_image->columns,tile_image->rows);
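Review bot: The new guard in load_tile compares the value returned by ReadBlob against `tile_image->columns*tile_image->rows`, and these look like different units: ReadBlob is handed an `unsigned char *` buffer and a length, so its result is presumably a byte count, while the bound is a pixel count. For tiles stored at more than one byte per pixel, a complete and valid read would then exceed the bound and be rejected as corrupt. The limit should be in the same unit as the read, for example `if (nmemb_read_successfully > (ssize_t) (tile_image->columns*tile_image->rows*sizeof(*xcfdata)))`, and a short or negative return should be rejected as well, which is the case the "NotEnoughPixelData" text actually describes. The early return also appears to skip releasing the xcfdata buffer allocated just above, so a `(void) RelinquishMagickMemory(xcfdata);` before the throw is worth considering. load_tile's body begins and ends outside the hunk.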
@@ -556,6 +558,8 @@ static int load_level (Image* image, XCF
/* 1.5 is probably more
than we need to allow */
+ if (offset2-offset > (MagickOffsetType) (TILE_WIDTH * TILE_WIDTH * 4* 1.5))
+ ThrowBinaryException(CorruptImageError,"CorruptImage",image->filename);
/* seek to the tile offset */
(void) SeekBlob(image, offset, SEEK_SET);
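Review bot: The added bound in load_level rejects only a difference that is too large. If the offsets are signed, as the `MagickOffsetType` cast suggests, an offset2 smaller than offset gives a negative difference that passes this test, and it would become a very large value if it is later converted to an unsigned length (that use is outside the hunk). Both offsets appear to be read from the file, so the inverted case should be rejected too: `if ((offset2 < offset) || (offset2-offset > (MagickOffsetType) (TILE_WIDTH*TILE_WIDTH*6)))`. Writing the limit as the integer `TILE_WIDTH*TILE_WIDTH*6` also keeps the floating-point `1.5` out of a size computation. load_level's body begins and ends outside the hunk.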