From 5161a2fbc2fa164299d7199af6065da4059517ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastien=20ROUCARI=C3=88S?= <roucaries.bastien@gmail.com>
Date: Fri, 7 Nov 2014 21:05:07 +0100
Subject: [PATCH] Avoid crash and DOS with special crafted jpeg file

Some specially crafted JPEG files could lead to DoS due to a missing check in
embedded EXIF properties (EXIF directory offsets must be greater than 0).

Fix CVE-2014-8716.

Forwarded: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456
Bug-debian: http://bugs.debian.org/768494
Applied-Upstream: 6.9.9.10
---
 magick/property.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/magick/property.c b/magick/property.c
index cd3d153..07fbcd0 100644
--- a/magick/property.c
+++ b/magick/property.c
@@ -1320,6 +1320,8 @@ static MagickBooleanType GetEXIFProperty(const Image *image,
             The directory entry contains an offset.
           */
           offset=(ssize_t) ReadPropertyLong(endian,q+8);
+	  if ((offset < 0) || (size_t) offset >= length)
+	    continue;
           if ((offset+number_bytes) < offset)
             continue;  /* prevent overflow */
           if ((size_t) (offset+number_bytes) > length)
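Review bot: The added test `if ((offset < 0) || (size_t) offset >= length)` rejects only negative offsets, while the commit message says EXIF directory offsets must be greater than 0, so an offset of exactly 0 still passes. Either use `offset <= 0` if zero is invalid here, or reword the message to say the offset must be non-negative and below length. The two added lines are indented with tabs where the surrounding context uses spaces, and unlike the neighbouring `/* prevent overflow */` check they carry no comment saying what they guard. Since offset is now known to lie in [0, length) at this point, the two checks that follow could be folded into one comparison of number_bytes against length - offset (assuming number_bytes is non-negative here, which the hunk does not show), which would avoid depending on wraparound of offset+number_bytes.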
-- 
2.1.4

