Diffstat (limited to 'community/graphicsmagick/CVE-2017-12935.patch')
-rw-r--r--community/graphicsmagick/CVE-2017-12935.patch35
1 files changed, 35 insertions, 0 deletions
diff --git a/community/graphicsmagick/CVE-2017-12935.patch b/community/graphicsmagick/CVE-2017-12935.patch
new file mode 100644
index 0000000000..650c28d3df
--- /dev/null
+++ b/community/graphicsmagick/CVE-2017-12935.patch
@@ -0,0 +1,35 @@
+
+# HG changeset patch
+# User Glenn Randers-Pehrson <glennrp+bmo@gmail.com>
+# Date 1501123201 14400
+# Node ID cd699a44f188acf23493c969ef2d3f9fa7c8f8df
+# Parent be898b7c97bd855fc6fa0cef983faae916bd0c93
+Reject MNG with too-large dimensions (over 65535)
+
+diff -r be898b7c97bd -r cd699a44f188 coders/png.c
+--- a/coders/png.c Wed Jul 26 19:47:56 2017 -0500
++++ b/coders/png.c Wed Jul 26 22:40:01 2017 -0400
+@@ -4084,11 +4084,17 @@
+ mng_info->image=image;
+ }
+
+- if ((mng_info->mng_width > 65535L) || (mng_info->mng_height
+- > 65535L))
+- (void) ThrowException(&image->exception,ImageError,
+- WidthOrHeightExceedsLimit,
+- image->filename);
++ if ((mng_info->mng_width > 65535L) ||
++ (mng_info->mng_height > 65535L))
++ {
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ " MNG width or height is too large: %lu, %lu",
++ mng_info->mng_width,mng_info->mng_height);
++ MagickFreeMemory(chunk);
++ ThrowReaderException(CorruptImageError,
++ ImproperImageHeader,image);
++ }
++
+ FormatString(page_geometry,"%lux%lu+0+0",mng_info->mng_width,
+ mng_info->mng_height);
+ mng_info->frame.left=0;
+
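Review bot: The diffstat lists only this new patch file, so nothing in this commit makes the package build apply it; unless the build recipe is updated elsewhere to list `CVE-2017-12935.patch` together with its checksum, the shipped binary would keep the old code path. In that old path the oversized-dimension case only calls `ThrowException` and then falls through to `FormatString` and the frame setup. Inside the embedded png.c hunk, the new early exit frees `chunk` before `ThrowReaderException`, but the enclosing function starts and ends outside the hunk, so it cannot be confirmed from here that other state allocated earlier is released on this path. The log call prints `mng_width` and `mng_height` with `%lu`, which is only correct if both fields are `unsigned long`; their declarations are not visible. A short comment above the check, such as `/* Dimensions above 65535 are rejected: abort the read rather than only recording an exception */`, would keep a later refactor from turning this back into a non-fatal warning.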