File GraphicsMagick-CVE-2016-10048.patch of Package GraphicsMagick.7782

Index: GraphicsMagick-1.2.5/magick/module.c
===================================================================
--- GraphicsMagick-1.2.5.orig/magick/module.c	2017-01-19 10:50:19.863223896 +0100
+++ GraphicsMagick-1.2.5/magick/module.c	2017-01-19 11:45:42.573013646 +0100
@@ -523,6 +523,17 @@ static MagickPassFail FindMagickModule(c
   assert(path != (char *) NULL);
   assert(exception != (ExceptionInfo *) NULL);
   (void) strlcpy(path,filename,MaxTextExtent);
+  if (strstr(path,"../") != (char *) NULL)
+    {
+      char
+        message[MaxTextExtent];
+
+      errno=EPERM;
+      FormatString(message,"\"%.1024s\"",path);
+      ThrowException(exception,ModuleError,UnableToLoadModule,message);
+      return(MagickFalse);
+    }
+
   
   if (InitializeModuleSearchPath(module_type,exception) == MagickFail)
     return (status);

Places

File GraphicsMagick-CVE-2016-10048.patch of Package GraphicsMagick.7782

Places