From b61b7f4f0e705b6a9a9ba8b8af898a406b0fc87e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bastien=20ROUCARI=C3=88S?= Date: Fri, 7 Nov 2014 21:05:07 +0100 Subject: [PATCH] Avoid crash and DOS with special crafted jpeg file Some special crafted JPEG file could lead to dos due to missing check in embeded EXIF properties (EXIF directory offsets must be greater than 0). Fix CVE-2014-8716. Forwarded: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456 Bug-debian: http://bugs.debian.org/768494 Applied-Upstream: 6.9.9.10 --- magick/property.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/magick/property.c b/magick/property.c index 25eb7656a..c9c81d4c5 100644 --- a/magick/property.c +++ b/magick/property.c @@ -1321,6 +1321,8 @@ static MagickBooleanType GetEXIFProperty(const Image *image, The directory entry contains an offset. */ offset=(ssize_t) ((int) ReadPropertyLong(endian,q+8)); + if ((offset < 0) || (size_t) offset >= length) + continue; if ((ssize_t) (offset+number_bytes) < offset) continue; /* prevent overflow */ if ((size_t) (offset+number_bytes) > length)