File: 0057-CVE-2023-1289-recursion-detection.patch

package info (click to toggle)

imagemagick 8%3A6.9.11.60%2Bdfsg-1.6%2Bdeb12u3

links: PTS, VCS
area: main
in suites: bookworm
size: 76,816 kB
sloc: ansic: 349,503; cpp: 21,804; xml: 11,029; perl: 6,417; sh: 5,877; makefile: 3,042; tcl: 459

file content (23 lines) | stat: -rw-r--r-- 1,003 bytes

parent folder | download | duplicates (2)

From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 6 Mar 2023 15:26:32 -0500
Subject: CVE-2023-1289 recursion detection

origin: https://github.com/ImageMagick/ImageMagick6/commit/706d381b7eb79927d328c96f7b7faab5dc109368
bug: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr
bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-1289
---
 magick/draw.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/magick/draw.c b/magick/draw.c
index 962a42f..918d27f 100644
--- a/magick/draw.c
+++ b/magick/draw.c
@@ -5444,6 +5444,7 @@ MagickExport MagickBooleanType DrawPrimitive(Image *image,
       if (primitive_info->text == (char *) NULL)
         break;
       clone_info=AcquireImageInfo();
+      clone_info->recursion_depth=draw_info->image_info->recursion_depth;
       composite_images=(Image *) NULL;
       if (LocaleNCompare(primitive_info->text,"data:",5) == 0)
         composite_images=ReadInlineImage(clone_info,primitive_info->text,