Bugzilla – Attachment 27707 Details for
Bug 64839
VUL-0: CVE-2005-0005: ImageMagick heap overflow
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
IDP Log In
|
Forgot Password
mainstream patch
ImageMagick-6.0.7-psd.patch (text/x-diff), 1.18 KB, created by
Vladimir Nadvornik
on 2005-01-18 18:31:56 UTC
(
hide
)
Description:
mainstream patch
Filename:
MIME Type:
Creator:
Vladimir Nadvornik
Created:
2005-01-18 18:31:56 UTC
Size:
1.18 KB
patch
obsolete
>--- psd.c 2004-07-16 17:18:50.000000000 +0200 >+++ psd.c.new 2005-01-14 18:57:10.000000000 +0100 >@@ -508,6 +510,8 @@ > > static Image *ReadPSDImage(const ImageInfo *image_info,ExceptionInfo *exception) > { >+#define MaxPSDChannels 24 >+ > typedef struct _ChannelInfo > { > short int >@@ -527,7 +531,7 @@ > channels; > > ChannelInfo >- channel_info[24]; >+ channel_info[MaxPSDChannels]; > > char > blendkey[4]; >@@ -656,4 +657,6 @@ > (void) ReadBlob(image,6,psd_info.reserved); > psd_info.channels=ReadBlobMSBShort(image); >+ if (psd_info.channels > MaxPSDChannels) >+ ThrowReaderException(CorruptImageError,"MaximumChannelsExceeded"); > psd_info.rows=ReadBlobMSBLong(image); > psd_info.columns=ReadBlobMSBLong(image); >@@ -840,4 +829,6 @@ > layer_info[i].page.width=(ReadBlobMSBLong(image)-layer_info[i].page.x); > layer_info[i].channels=ReadBlobMSBShort(image); >+ if (layer_info[i].channels > MaxPSDChannels) >+ ThrowReaderException(CorruptImageError,"MaximumChannelsExceeded"); > if (image->debug != MagickFalse) > (void) LogMagickEvent(CoderEvent,GetMagickModule()," offset(%ld,%ld), size(%ld,%ld), channels=%d",
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=27707">View the attachment on a separate page</a>.</b>
Actions:
View
Attachments on
bug 64839
: 27707