From: Cristy Date: Mon, 31 Jan 2022 09:44:05 -0500 Subject: VID images not permitted when compositing This fix followup of CVE-2023-1289 origin: https://github.com/ImageMagick/ImageMagick6/commit/f4529c0dcf3a8f96c438086b28fbef8338cda0b1.patch --- magick/draw.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/magick/draw.c b/magick/draw.c index a8fcb91..0ab2dde 100644 --- a/magick/draw.c +++ b/magick/draw.c @@ -5489,8 +5489,9 @@ MagickExport MagickBooleanType DrawPrimitive(Image *image, } else if ((LocaleCompare(clone_info->magick,"ftp") != 0) && + (LocaleCompare(clone_info->magick,"http") != 0) && (LocaleCompare(clone_info->magick,"https") != 0) && - (LocaleCompare(clone_info->magick,"http") != 0)) + (LocaleCompare(clone_info->magick,"vid") != 0)) composite_images=ReadImage(clone_info,exception); else (void) ThrowMagickException(exception,GetMagickModule(),