Projects
Mega:24.03:SP1:Everything
ImageMagick
_service:tar_scm:CVE-2023-5341.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:CVE-2023-5341.patch of Package ImageMagick
From 97b99a741321c9a89491ebb6dab66d1215413595 Mon Sep 17 00:00:00 2001 From: Cristy <urban-warrior@imagemagick.org> Date: Sat, 7 Oct 2023 10:22:57 +0800 Subject: [PATCH] check for BMP file size, poc provided by Hardik Shah of Vehere (Dawn Treaders team) --- coders/bmp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/coders/bmp.c b/coders/bmp.c index 8ff76bb..bb9ce2f 100644 --- a/coders/bmp.c +++ b/coders/bmp.c @@ -629,6 +629,9 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception) " BMP header size: %u",bmp_info.size); if (bmp_info.size > 124) ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + if ((bmp_info.file_size != 0) && + ((MagickSizeType) bmp_info.file_size > GetBlobSize(image))) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); if (bmp_info.offset_bits < bmp_info.size) ThrowReaderException(CorruptImageError,"ImproperImageHeader"); bmp_info.offset_bits=MagickMax(14+bmp_info.size,bmp_info.offset_bits); -- 2.27.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2