Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
ImageMagick.6403
ImageMagick-CVE-2017-15930.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-CVE-2017-15930.patch of Package ImageMagick.6403
Index: ImageMagick-6.8.8-1/coders/png.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/png.c 2017-11-06 13:21:48.028259385 +0100 +++ ImageMagick-6.8.8-1/coders/png.c 2017-11-06 13:37:50.268858434 +0100 @@ -4236,7 +4236,7 @@ static Image *ReadOneJNGImage(MngInfo *m type[0]='\0'; (void) ConcatenateMagickString(type,"errr",MaxTextExtent); - length=ReadBlobMSBLong(image); + length=(size_t) ReadBlobMSBLong(image); count=(unsigned int) ReadBlob(image,4,(unsigned char *) type); if (logging != MagickFalse) @@ -4338,6 +4338,21 @@ static Image *ReadOneJNGImage(MngInfo *m if (length) chunk=(unsigned char *) RelinquishMagickMemory(chunk); + /* Rationalize dimensions with blob size if it is available */ + if (IsBlobSeekable(image)) + { + MagickSizeType + blob_size; + + blob_size = GetBlobSize(image); + if ((blob_size == 0) || + ((((double) jng_width*jng_height)/blob_size) > 512.0)) + { + chunk=(unsigned char *) RelinquishMagickMemory(chunk); + ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile"); + } + } + continue; } @@ -4694,6 +4709,8 @@ static Image *ReadOneJNGImage(MngInfo *m { s=GetVirtualPixels(jng_image,0,y,image->columns,1,&image->exception); q=GetAuthenticPixels(image,0,y,image->columns,1,exception); + if ((s == (const PixelPacket *) NULL) || (q == (PixelPacket *) NULL)) + break; (void) CopyMagickMemory(q,s,length); if (SyncAuthenticPixels(image,exception) == MagickFalse) @@ -4734,6 +4751,8 @@ static Image *ReadOneJNGImage(MngInfo *m s=GetVirtualPixels(jng_image,0,y,image->columns,1, &image->exception); q=GetAuthenticPixels(image,0,y,image->columns,1,exception); + if ((s == (const PixelPacket *) NULL) || (q == (PixelPacket *) NULL)) + break; if (image->matte != MagickFalse) for (x=(ssize_t) image->columns; x != 0; x--,q++,s++)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor