Overview

File ImageMagick-CVE-2017-14531.patch of Package ImageMagick.8768

--- a/coders/sun.c
+++ b/coders/sun.c
@@ -435,6 +435,8 @@ static Image *ReadSUNImage(const ImageInfo *image_info,ExceptionInfo *exception)
     if (HeapOverflowSanityCheck(sun_info.width,sun_info.depth) != MagickFalse)
       ThrowReaderException(CorruptImageError,"ImproperImageHeader");
     bytes_per_line=sun_info.width*sun_info.depth;
+    if (sun_info.length > GetBlobSize(image))
+      ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
     sun_data=(unsigned char *) AcquireQuantumMemory(sun_info.length,
       sizeof(*sun_data));
     if (sun_data == (unsigned char *) NULL)
openSUSE Build Service is sponsored by
Places