Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
ImageMagick.18189
ImageMagick-CVE-2023-5341.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-CVE-2023-5341.patch of Package ImageMagick.18189
From aa673b2e4defc7cad5bec16c4fc8324f71e531f1 Mon Sep 17 00:00:00 2001 From: Cristy <urban-warrior@imagemagick.org> Date: Sun, 24 Sep 2023 07:28:19 -0400 Subject: [PATCH] check for BMP file size, poc provided by Hardik Shah of Vehere (Dawn Treaders team) --- coders/bmp.c | 3 +++ 1 file changed, 3 insertions(+) Index: ImageMagick-7.0.7-34/coders/bmp.c =================================================================== --- ImageMagick-7.0.7-34.orig/coders/bmp.c +++ ImageMagick-7.0.7-34/coders/bmp.c @@ -613,6 +613,9 @@ static Image *ReadBMPImage(const ImageIn (LocaleNCompare((char *) magick,"CI",2) != 0))) ThrowReaderException(CorruptImageError,"ImproperImageHeader"); bmp_info.file_size=ReadBlobLSBLong(image); + if ((bmp_info.file_size != 0) && + ((MagickSizeType) bmp_info.file_size > GetBlobSize(image))) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); (void) ReadBlobLSBLong(image); bmp_info.offset_bits=ReadBlobLSBLong(image); bmp_info.size=ReadBlobLSBLong(image);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor