1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
From: Cristy <urban-warrior@imagemagick.org>
Date: Tue, 22 Mar 2022 20:11:27 -0400
Subject: CVE-2022-1115: heap based overflow with a specially crafted TIFF
image
bug: https://github.com/ImageMagick/ImageMagick/issues/4974
origin: https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51
---
coders/tiff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/coders/tiff.c b/coders/tiff.c
index ac2771a..f545c4e 100644
--- a/coders/tiff.c
+++ b/coders/tiff.c
@@ -1970,7 +1970,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
number_pixels=(MagickSizeType) columns*rows;
if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse)
ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
- extent=MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff));
+ extent=4*MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff));
#if defined(TIFF_VERSION_BIG)
extent+=image->columns*sizeof(uint64);
#else
|
