File: 0062-heap-buffer-overflow-in-ImageMagick-7.1.1-12-contrib.patch

package info (click to toggle)

imagemagick 8%3A6.9.11.60%2Bdfsg-1.6%2Bdeb12u4

links: PTS, VCS
area: main
in suites: bookworm-proposed-updates
size: 79,176 kB
sloc: ansic: 349,540; cpp: 21,804; xml: 11,029; perl: 6,417; sh: 5,877; makefile: 3,042; tcl: 459

file content (25 lines) | stat: -rw-r--r-- 1,072 bytes

parent folder | download | duplicates (3)

From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 26 Jun 2023 19:39:43 -0400
Subject: heap-buffer-overflow in ImageMagick <= 7.1.1-12,
 contributed by Hardik shah of Vehere (Dawn Treaders team)

origin: https://github.com/ImageMagick/ImageMagick6/commit/0d00400727170b0540a355a1bc52787bc7bcdea5

This fix CVE-2023-3428
---
 coders/tiff.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/coders/tiff.c b/coders/tiff.c
index 9b06c24..12bea21 100644
--- a/coders/tiff.c
+++ b/coders/tiff.c
@@ -1971,7 +1971,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
         number_pixels=(MagickSizeType) columns*rows;
         if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse)
           ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
-        extent=4*(samples_per_pixel+1)*MagickMax(rows*TIFFTileRowSize(tiff),
+        extent=4*(samples_per_pixel+1)*MagickMax((rows+1)*TIFFTileRowSize(tiff),
           TIFFTileSize(tiff));
 #if defined(TIFF_VERSION_BIG)
         extent+=image->columns*sizeof(uint64);