Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:Update
ImageMagick.30956
ImageMagick-CVE-2017-13769.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-CVE-2017-13769.patch of Package ImageMagick.30956
From 73e085bd8a77541fb9faf0584951783fdeac97f2 Mon Sep 17 00:00:00 2001 From: Cristy <urban-warrior@imagemagick.org> Date: Tue, 29 Aug 2017 07:02:24 -0400 Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/705 --- coders/thumbnail.c | 2 ++ 1 file changed, 2 insertions(+) Index: ImageMagick-6.8.8-1/coders/thumbnail.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/thumbnail.c 2013-12-01 15:47:50.000000000 +0100 +++ ImageMagick-6.8.8-1/coders/thumbnail.c 2017-11-07 08:31:02.592817828 +0100 @@ -178,7 +178,7 @@ static MagickBooleanType WriteTHUMBNAILI offset; unsigned char - magick[MaxTextExtent]; + *q; profile=GetImageProfile(image,"exif"); if (profile == (const StringInfo *) NULL) @@ -187,21 +187,22 @@ static MagickBooleanType WriteTHUMBNAILI if (property == (const char *) NULL) ThrowWriterException(CoderError,"ImageDoesNotHaveAThumbnail"); offset=(ssize_t) StringToLong(property); + if (offset < 0) + ThrowWriterException(CoderError,"ImageDoesNotHaveAThumbnail"); property=GetImageProperty(image,"exif:JPEGInterchangeFormatLength"); if (property == (const char *) NULL) ThrowWriterException(CoderError,"ImageDoesNotHaveAThumbnail"); length=(size_t) StringToLong(property); - (void) ResetMagickMemory(magick,0,sizeof(magick)); - for (i=0; i < (ssize_t) length; i++) + q=GetStringInfoDatum(profile)+offset; + for (i=offset; i < (ssize_t) GetStringInfoLength(profile) - 3; i++) { - magick[0]=magick[1]; - magick[1]=magick[2]; - magick[2]=GetStringInfoDatum(profile)[offset+i]; - if (memcmp(magick,"\377\330\377",3) == 0) + if (memcmp(q,"\377\330\377",3) == 0) break; + q++; } - thumbnail_image=BlobToImage(image_info,GetStringInfoDatum(profile)+offset+i-2, - length,&image->exception); + if ((q+length) > (GetStringInfoDatum(profile)+GetStringInfoLength(profile))) + ThrowWriterException(CoderError,"ImageDoesNotHaveAThumbnail"); + thumbnail_image=BlobToImage(image_info,q,length,&image->exception); if (thumbnail_image == (Image *) NULL) return(MagickFalse); (void) SetImageType(thumbnail_image,thumbnail_image->matte == MagickFalse ?
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor