1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 6 Mar 2023 19:55:46 -0500
Subject: do not composite SVG to avoid possible recursion
This is part of fix of CVE-2023-1289
origin: https://github.com/ImageMagick/ImageMagick6/commit/75aac79108af0c0b0d7fc88b1f09c340b0d62c85.patch
---
magick/draw.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/magick/draw.c b/magick/draw.c
index 0ab2dde..ce22a42 100644
--- a/magick/draw.c
+++ b/magick/draw.c
@@ -5459,6 +5459,9 @@ MagickExport MagickBooleanType DrawPrimitive(Image *image,
else
if (*primitive_info->text != '\0')
{
+ const MagickInfo
+ *magick_info;
+
MagickStatusType
path_status;
@@ -5471,6 +5474,16 @@ MagickExport MagickBooleanType DrawPrimitive(Image *image,
(void) CopyMagickString(clone_info->filename,primitive_info->text,
MagickPathExtent);
(void) SetImageInfo(clone_info,1,exception);
+ magick_info=GetMagickInfo(clone_info->magick,exception);
+ if ((magick_info != (const MagickInfo*) NULL) &&
+ (LocaleCompare(magick_info->module,"SVG") == 0))
+ {
+ (void) ThrowMagickException(exception,GetMagickModule(),
+ CorruptImageError,"ImageTypeNotSupported","`%s'",
+ clone_info->filename);
+ clone_info=DestroyImageInfo(clone_info);
+ break;
+ }
(void) CopyMagickString(clone_info->filename,primitive_info->text,
MagickPathExtent);
if (clone_info->size != (char *) NULL)
|
