rpms/ImageMagick/FC-6 ImageMagick-6.2.8-cve-2006-5456.patch, NONE, 1.1 ImageMagick.spec, 1.67, 1.68
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Nov 22 01:38:19 UTC 2006
Author: nmurray
Update of /cvs/dist/rpms/ImageMagick/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv24375
Modified Files:
ImageMagick.spec
Added Files:
ImageMagick-6.2.8-cve-2006-5456.patch
Log Message:
fix BZ 210921
ImageMagick-6.2.8-cve-2006-5456.patch:
dcm.c | 2 +-
palm.c | 6 +++++-
2 files changed, 6 insertions(+), 2 deletions(-)
--- NEW FILE ImageMagick-6.2.8-cve-2006-5456.patch ---
--- ImageMagick-6.2.8/coders/dcm.c~ 2004-08-30 07:33:02.000000000 +1000
+++ ImageMagick-6.2.8/coders/dcm.c 2006-11-02 16:10:42.000000000 +1000
@@ -3027,7 +3027,7 @@ static Image *ReadDCMImage(const ImageIn
/*
Photometric interpretation.
*/
- for (i=0; i < (long) length; i++)
+ for (i=0; i < (long) Min(length, MaxTextExtent-1); i++)
photometric[i]=(char) data[i];
photometric[i]='\0';
break;
--- ImageMagick-6.2.8/coders/palm.c~ 2006-11-15 16:41:41.000000000 +1000
+++ ImageMagick-6.2.8/coders/palm.c 2006-11-15 16:44:09.000000000 +1000
@@ -399,7 +399,7 @@ static Image *ReadPALMImage(const ImageI
for (i=0; i < (long) bytes_per_row; )
{
count=ReadBlobByte(image);
- byte=ReadBlobByte(image);
+ byte=Min(ReadBlobByte(image),bytes_per_row-i);
(void) ResetMagickMemory(one_row+i,(int) byte,count);
i+=count;
}
@@ -431,6 +431,8 @@ static Image *ReadPALMImage(const ImageI
indexes=GetIndexes(image);
if (bits_per_pixel == 16)
{
+ if (image->columns > 2*bytes_per_row)
+ ThrowReaderException(CorruptImageError,"CorruptImage");
for (x=0; x < (long) image->columns; x++)
{
color16=(*ptr++ << 8);
@@ -447,6 +449,8 @@ static Image *ReadPALMImage(const ImageI
bit=8-bits_per_pixel;
for (x=0; x < (long) image->columns; x++)
{
+ if (ptr - one_row >= bytes_per_row)
+ ThrowReaderException(CorruptImageError,"CorruptImage");
index=(IndexPacket) (mask-(((*ptr) & (mask << bit)) >> bit));
indexes[x]=index;
*q++=image->colormap[index];
Index: ImageMagick.spec
===================================================================
RCS file: /cvs/dist/rpms/ImageMagick/FC-6/ImageMagick.spec,v
retrieving revision 1.67
retrieving revision 1.68
diff -u -r1.67 -r1.68
--- ImageMagick.spec 23 Aug 2006 07:05:22 -0000 1.67
+++ ImageMagick.spec 22 Nov 2006 01:38:17 -0000 1.68
@@ -9,7 +9,7 @@
%else
Version: %{VER}
%endif
-Release: 3%{?dist}
+Release: 3%{?dist}.1
License: freeware
Group: Applications/Multimedia
%if "%{Patchlevel}" != ""
@@ -24,6 +24,8 @@
Patch3: ImageMagick-6.2.8-cve-2006-3743.patch
# 202771
Patch4: ImageMagick-6.2.8-cve-2006-4144.patch
+#
+Patch5: ImageMagick-6.2.8-cve-2006-5456.patch
Url: http://www.imagemagick.org/
@@ -123,6 +125,7 @@
%patch2 -p1 -b .multilib
%patch3 -p1 -b .cve-2006-3743
%patch4 -p1 -b .cve-2006-4144
+%patch5 -p1 -b .cve-2006-5456
%build
%configure --enable-shared \
@@ -258,6 +261,9 @@
%doc PerlMagick/demo/ PerlMagick/Changelog PerlMagick/README.txt
%changelog
+* Wed Nov 15 2006 Norm Murray <nmurray at redhat.com> - 6.2.8.0-3.fc6.1
+- fix more overflows (#210921, CVE-2006-5456)
+
* Wed Aug 23 2006 Matthias Clasen <mclasen at redhat.com> - 6.2.8.0-3.fc6
- fix several integer and buffer overflows (#202193, CVE-2006-3743)
- fix more integer overflows (#202771, CVE-2006-4144)
More information about the fedora-cvs-commits
mailing list