File ImageMagick-CVE-2018-16645.patch of Package ImageMagick.17344
Index: ImageMagick-7.0.7-34/coders/bmp.c
===================================================================
--- ImageMagick-7.0.7-34.orig/coders/bmp.c 2018-09-09 20:24:23.551565906 +0200
+++ ImageMagick-7.0.7-34/coders/bmp.c 2018-09-09 20:24:23.659566427 +0200
@@ -661,6 +661,8 @@ static Image *ReadBMPImage(const ImageIn
bmp_info.x_pixels=ReadBlobLSBLong(image);
bmp_info.y_pixels=ReadBlobLSBLong(image);
bmp_info.number_colors=ReadBlobLSBLong(image);
+ if (bmp_info.number_colors > GetBlobSize(image))
+ ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
bmp_info.colors_important=ReadBlobLSBLong(image);
if (image->debug != MagickFalse)
{
Index: ImageMagick-7.0.7-34/coders/dib.c
===================================================================
--- ImageMagick-7.0.7-34.orig/coders/dib.c 2018-09-09 20:24:23.539565848 +0200
+++ ImageMagick-7.0.7-34/coders/dib.c 2018-09-09 20:36:38.867110399 +0200
@@ -536,6 +536,8 @@ static Image *ReadDIBImage(const ImageIn
dib_info.x_pixels=ReadBlobLSBLong(image);
dib_info.y_pixels=ReadBlobLSBLong(image);
dib_info.number_colors=ReadBlobLSBLong(image);
+ if (dib_info.number_colors > GetBlobSize(image))
+ ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
dib_info.colors_important=ReadBlobLSBLong(image);
if ((dib_info.bits_per_pixel != 1) && (dib_info.bits_per_pixel != 4) &&
(dib_info.bits_per_pixel != 8) && (dib_info.bits_per_pixel != 16) &&
@@ -1015,12 +1017,14 @@ ModuleExport size_t RegisterDIBImage(voi
entry->encoder=(EncodeImageHandler *) WriteDIBImage;
entry->magick=(IsImageFormatHandler *) IsDIB;
entry->flags^=CoderAdjoinFlag;
+ entry->flags|=CoderDecoderSeekableStreamFlag;
entry->flags|=CoderStealthFlag;
(void) RegisterMagickInfo(entry);
entry=AcquireMagickInfo("DIB","ICODIB",
"Microsoft Windows 3.X Packed Device-Independent Bitmap");
entry->decoder=(DecodeImageHandler *) ReadDIBImage;
entry->magick=(IsImageFormatHandler *) IsDIB;
+ entry->flags|=CoderDecoderSeekableStreamFlag;
entry->flags^=CoderAdjoinFlag;
entry->flags|=CoderStealthFlag;
(void) RegisterMagickInfo(entry);