File GraphicsMagick-CVE-2018-16645.patch of Package GraphicsMagick.10463
Index: GraphicsMagick-1.3.29/coders/bmp.c
===================================================================
--- GraphicsMagick-1.3.29.orig/coders/bmp.c 2018-09-10 10:14:11.194733507 +0200
+++ GraphicsMagick-1.3.29/coders/bmp.c 2018-09-10 10:15:46.479276166 +0200
@@ -734,6 +734,8 @@ static Image *ReadBMPImage(const ImageIn
bmp_info.x_pixels=ReadBlobLSBLong(image); /* Horizontal resolution (pixels/meter) */
bmp_info.y_pixels=ReadBlobLSBLong(image); /* Vertical resolution (pixels/meter) */
bmp_info.number_colors=ReadBlobLSBLong(image); /* Number of colors */
+ if (bmp_info.number_colors > GetBlobSize(image))
+ ThrowReaderException(CorruptImageError,InsufficientImageDataInFile,image);
bmp_info.colors_important=ReadBlobLSBLong(image); /* Minimum important colors */
profile_data=0;
profile_size=0;
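Review bot: The guard added after the `number_colors` read compares a palette entry count with a byte count, so it is only a coarse bound: a header claiming as many colours as the file has bytes still passes, although each BMP colormap entry takes several bytes. A comment such as `/* Coarse sanity bound: a colormap cannot have more entries than the file has bytes; needs a seekable blob for GetBlobSize() to be meaningful */` would stop later readers from treating it as an exact validation. The same check and the same remark apply to the `dib_info.number_colors` hunk in coders/dib.c. `GetBlobSize()` returns a signed `magick_off_t`, so check that the comparison against the (presumably unsigned) count behaves as intended. Also confirm that `RegisterBMPImage`, which this patch does not touch, already sets `seekable_stream`. `ReadBMPImage` continues outside the hunk, so whether the colormap allocation has a tighter check later cannot be seen here.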
Index: GraphicsMagick-1.3.29/coders/dib.c
===================================================================
--- GraphicsMagick-1.3.29.orig/coders/dib.c 2018-04-29 20:01:26.000000000 +0200
+++ GraphicsMagick-1.3.29/coders/dib.c 2018-09-10 10:14:11.194733507 +0200
@@ -610,6 +610,8 @@ static Image *ReadDIBImage(const ImageIn
dib_info.x_pixels=ReadBlobLSBLong(image);
dib_info.y_pixels=ReadBlobLSBLong(image);
dib_info.number_colors=ReadBlobLSBLong(image);
+ if (dib_info.number_colors > GetBlobSize(image))
+ ThrowReaderException(CorruptImageError,InsufficientImageDataInFile,image);
dib_info.colors_important=ReadBlobLSBLong(image);
if (EOFBlob(image))
ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
@@ -1158,6 +1160,7 @@ ModuleExport void RegisterDIBImage(void)
entry->encoder=(EncoderHandler) WriteDIBImage;
entry->magick=(MagickHandler) IsDIB;
entry->adjoin=False;
+ entry->seekable_stream=True;
entry->stealth=True;
entry->description="Microsoft Windows 3.X Packed Device-Independent Bitmap";
entry->module="DIB";
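Review bot: The new `entry->seekable_stream=True;` line in `RegisterDIBImage` has no comment saying why DIB now needs a seekable input, and the same holds for the second registration in the following hunk. It is presumably required because `ReadDIBImage` now calls `GetBlobSize(image)` to validate `number_colors`, which can only work when the blob size is known. I would add `/* ReadDIBImage validates header fields against GetBlobSize(), so input must be seekable */` above both assignments, so that nobody removes the flag later and silently weakens the check. `RegisterDIBImage` begins and ends outside these hunks.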
@@ -1168,6 +1171,7 @@ ModuleExport void RegisterDIBImage(void)
/* entry->encoder=(EncoderHandler) WriteDIBImage; */
entry->magick=(MagickHandler) IsDIB;
entry->adjoin=False;
+ entry->seekable_stream=True;
entry->stealth=True;
entry->raw=True; /* Requires size to work correctly. */
entry->description="Microsoft Windows 3.X Packed Device-Independent Bitmap + Mask";