File ImageMagick-CVE-2019-15139.patch of Package ImageMagick.16887

Overview Repositories Revisions Requests Users Attributes Meta

File ImageMagick-CVE-2019-15139.patch of Package ImageMagick.16887

Index: ImageMagick-7.0.7-34/coders/xwd.c
===================================================================
--- ImageMagick-7.0.7-34.orig/coders/xwd.c	2019-09-05 11:33:44.608847055 +0200
+++ ImageMagick-7.0.7-34/coders/xwd.c	2019-09-05 11:37:25.634090180 +0200
@@ -240,6 +240,8 @@ static Image *ReadXWDImage(const ImageIn
     ThrowReaderException(CorruptImageError,"ImproperImageHeader");
   if (header.xoffset >= header.pixmap_width)
     ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+  if ((MagickSizeType) header.xoffset >= GetBlobSize(image))
+    ThrowReaderException(CorruptImageError,"ImproperImageHeader");
   switch (header.visual_class)
   {
     case StaticGray:
@@ -391,6 +393,9 @@ static Image *ReadXWDImage(const ImageIn
       length=(size_t) header.ncolors;
       if (length > ((~0UL)/sizeof(*colors)))
         ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+      length=(size_t) header.ncolors;
+      if (length > ((~0UL)/sizeof(*colors)))
+        ThrowReaderException(CorruptImageError,"ImproperImageHeader");
       colors=(XColor *) AcquireQuantumMemory(length,sizeof(*colors));
       if (colors == (XColor *) NULL)
         {
@@ -692,6 +697,7 @@ ModuleExport size_t RegisterXWDImage(voi
   entry->encoder=(EncodeImageHandler *) WriteXWDImage;
 #endif
   entry->magick=(IsImageFormatHandler *) IsXWD;
+  entry->flags|=CoderDecoderSeekableStreamFlag;
   entry->flags^=CoderAdjoinFlag;
   (void) RegisterMagickInfo(entry);
   return(MagickImageCoderSignature);

Places

File ImageMagick-CVE-2019-15139.patch of Package ImageMagick.16887

Places