File ImageMagick-CVE-2017-13133.patch of Package ImageMagick.openSUSE_Leap_42.3_Update
Index: ImageMagick-6.8.8-1/coders/xcf.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/xcf.c 2017-10-23 14:42:50.032369919 +0200
+++ ImageMagick-6.8.8-1/coders/xcf.c 2017-10-23 14:43:07.984682340 +0200
@@ -670,6 +670,9 @@ static MagickBooleanType load_level(Imag
if (offset2 == 0)
offset2=(MagickOffsetType) (offset + TILE_WIDTH * TILE_WIDTH * 4* 1.5);
/* seek to the tile offset */
+ if (offset2 > GetBlobSize(image))
+ ThrowBinaryException(CorruptImageError,"InsufficientImageDataInFile",
+ image->filename);
offset=SeekBlob(image, offset, SEEK_SET);
/* allocate the image for the tile