Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Maintenance:8900
ImageMagick.openSUSE_Leap_42.3_Update
ImageMagick-CVE-2018-16644.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-CVE-2018-16644.patch of Package ImageMagick.openSUSE_Leap_42.3_Update
Index: ImageMagick-6.8.8-1/coders/pict.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/pict.c 2018-09-10 14:27:47.235975919 +0200 +++ ImageMagick-6.8.8-1/coders/pict.c 2018-09-10 14:27:48.047980070 +0200 @@ -946,6 +946,9 @@ static Image *ReadPICTImage(const ImageI Clipping rectangle. */ length=ReadBlobMSBShort(image); + if (length > GetBlobSize(image)) + ThrowPICTException(CorruptImageError, + "InsufficientImageDataInFile"); if (length != 0x000a) { for (i=0; i < (ssize_t) (length-2); i++) @@ -987,6 +990,9 @@ static Image *ReadPICTImage(const ImageI if (pattern != 1) ThrowReaderException(CorruptImageError,"UnknownPatternType"); length=ReadBlobMSBShort(image); + if (length > GetBlobSize(image)) + ThrowPICTException(CorruptImageError, + "InsufficientImageDataInFile"); if (ReadRectangle(image,&frame) == MagickFalse) ThrowReaderException(CorruptImageError,"ImproperImageHeader"); if (ReadPixmap(image,&pixmap) == MagickFalse) @@ -998,6 +1004,9 @@ static Image *ReadPICTImage(const ImageI (void) ReadBlobMSBLong(image); flags=1L*ReadBlobMSBShort(image); length=ReadBlobMSBShort(image); + if (length > GetBlobSize(image)) + ThrowPICTException(CorruptImageError, + "InsufficientImageDataInFile"); for (i=0; i <= (ssize_t) length; i++) (void) ReadBlobMSBLong(image); width=1UL*(frame.bottom-frame.top); @@ -1049,6 +1058,9 @@ static Image *ReadPICTImage(const ImageI Skip polygon or region. */ length=ReadBlobMSBShort(image); + if (length > GetBlobSize(image)) + ThrowPICTException(CorruptImageError, + "InsufficientImageDataInFile"); for (i=0; i < (ssize_t) (length-2); i++) (void) ReadBlobByte(image); break; @@ -1182,6 +1194,9 @@ static Image *ReadPICTImage(const ImageI Skip region. */ length=ReadBlobMSBShort(image); + if (length > GetBlobSize(image)) + ThrowPICTException(CorruptImageError, + "InsufficientImageDataInFile"); for (i=0; i < (ssize_t) (length-2); i++) (void) ReadBlobByte(image); } @@ -1310,6 +1325,9 @@ static Image *ReadPICTImage(const ImageI */ type=ReadBlobMSBShort(image); length=ReadBlobMSBShort(image); + if (length > GetBlobSize(image)) + ThrowPICTException(CorruptImageError, + "InsufficientImageDataInFile"); if (length == 0) break; (void) ReadBlobMSBLong(image); @@ -1421,6 +1439,9 @@ static Image *ReadPICTImage(const ImageI return((Image *) NULL); } length=ReadBlobMSBLong(image); + if (length > GetBlobSize(image)) + ThrowPICTException(CorruptImageError, + "InsufficientImageDataInFile"); for (i=0; i < 6; i++) (void) ReadBlobMSBLong(image); if (ReadRectangle(image,&frame) == MagickFalse) @@ -1464,6 +1485,9 @@ static Image *ReadPICTImage(const ImageI Skip reserved. */ length=ReadBlobMSBShort(image); + if (length > GetBlobSize(image)) + ThrowPICTException(CorruptImageError, + "InsufficientImageDataInFile"); for (i=0; i < (ssize_t) length; i++) (void) ReadBlobByte(image); continue; @@ -1474,6 +1498,9 @@ static Image *ReadPICTImage(const ImageI Skip reserved. */ length=(size_t) ((code >> 7) & 0xff); + if (length > GetBlobSize(image)) + ThrowPICTException(CorruptImageError, + "InsufficientImageDataInFile"); for (i=0; i < (ssize_t) length; i++) (void) ReadBlobByte(image); continue; Index: ImageMagick-6.8.8-1/coders/dcm.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/dcm.c 2018-09-10 14:27:47.379976656 +0200 +++ ImageMagick-6.8.8-1/coders/dcm.c 2018-09-10 14:28:16.372124858 +0200 @@ -3599,6 +3599,8 @@ static Image *ReadDCMImage(const ImageIn tag=(ReadBlobLSBShort(image) << 16) | ReadBlobLSBShort(image); length=(size_t) ReadBlobLSBLong(image); + if (length > (size_t) GetBlobSize(image)) + ThrowDCMException(CorruptImageError,"InsufficientImageDataInFile"); if (tag == 0xFFFEE0DD) break; /* sequence delimiter tag */ if (tag != 0xFFFEE000)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor