File GraphicsMagick-CVE-2017-14504.patch of Package GraphicsMagick.openSUSE_Leap_42.3_Update

Index: GraphicsMagick-1.3.25/coders/pnm.c
===================================================================
--- GraphicsMagick-1.3.25.orig/coders/pnm.c	2017-12-13 20:19:43.773292697 +0100
+++ GraphicsMagick-1.3.25/coders/pnm.c	2017-12-13 20:25:58.599953593 +0100
@@ -542,6 +542,9 @@ static Image *ReadPNMImage(const ImageIn
       if ((max_value == 0) || (max_value > 4294967295U))
         ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
 
+      if ((format == XV_332_Format) && (max_value != 255))
+        ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
+
       if (max_value == 0)
         ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
       bits_per_sample=0;
@@ -872,7 +875,7 @@ static Image *ReadPNMImage(const ImageIn
 		  {
 		    /* PGM & XV_332 */
 		    bytes_per_row=MagickArraySize(((bits_per_sample+7U)/8U),image->columns);
-		    if (XV_332_Format == format)
+		    if ((XV_332_Format == format) && (image->storage_class == PseudoClass))
 		      {
 			quantum_type=IndexQuantum;
 		      }
openSUSE Build Service is sponsored by