Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE-12:Update
ImageMagick.29424
ImageMagick-CVE-2018-20467.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-CVE-2018-20467.patch of Package ImageMagick.29424
Index: ImageMagick-6.8.8-1/coders/bmp.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/bmp.c 2019-01-03 09:43:41.460039125 +0100 +++ ImageMagick-6.8.8-1/coders/bmp.c 2019-01-03 09:47:41.729121745 +0100 @@ -657,6 +657,8 @@ static Image *ReadBMPImage(const ImageIn bmp_info.x_pixels=ReadBlobLSBLong(image); bmp_info.y_pixels=ReadBlobLSBLong(image); bmp_info.number_colors=ReadBlobLSBLong(image); + if ((MagickSizeType) bmp_info.number_colors > GetBlobSize(image)) + ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile"); bmp_info.colors_important=ReadBlobLSBLong(image); if (bmp_info.number_colors > GetBlobSize(image)) ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile"); @@ -1390,13 +1392,12 @@ static Image *ReadBMPImage(const ImageIn if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; + offset=(MagickOffsetType) bmp_info.ba_offset; + if (offset != 0) + if ((offset < TellBlob(image)) || + (SeekBlob(image,offset,SEEK_SET) != offset)) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); *magick='\0'; - if (bmp_info.ba_offset != 0) - { - offset=SeekBlob(image,(MagickOffsetType) bmp_info.ba_offset,SEEK_SET); - if (offset < 0) - ThrowReaderException(CorruptImageError,"ImproperImageHeader"); - } count=ReadBlob(image,2,magick); if ((count == 2) && (IsBMP(magick,2) != MagickFalse)) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor