File ImageMagick-6.2.5-CVE-2008-1096.patch of Package ImageMagick

--- coders/xcf.c
+++ coders/xcf.c
@@ -312,6 +312,8 @@
     sizeof(*xcfdata));
   graydata = (unsigned char *)xcfdata;  /* used by gray and indexed */
   nmemb_read_successfully = ReadBlob(image, data_length, (unsigned char *) xcfdata);
+  if (nmemb_read_successfully > (ssize_t) (tile_image->columns*tile_image->rows))
+    ThrowBinaryException(CorruptImageError,"NotEnoughPixelData",image->filename);
 
   q=SetImagePixels(tile_image,0,0,tile_image->columns,tile_image->rows);
 
@@ -558,6 +560,8 @@
                       /* 1.5 is probably more
                          than we need to allow */
 
+      if (offset2-offset >  (MagickOffsetType) (TILE_WIDTH * TILE_WIDTH * 4* 1.5))
+	ThrowBinaryException(CorruptImageError,"CorruptImage",image->filename);
       /* seek to the tile offset */
       (void) SeekBlob(image, offset, SEEK_SET);