File: CVE-2025-46393.patch

package info (click to toggle)

imagemagick 8%3A7.1.1.43%2Bdfsg1-1%2Bdeb13u3

links: PTS, VCS
area: main
in suites: trixie
size: 96,160 kB
sloc: ansic: 370,601; cpp: 22,835; xml: 11,549; perl: 6,280; sh: 6,203; makefile: 3,484; tcl: 459

file content (36 lines) | stat: -rw-r--r-- 1,704 bytes

From: Cristy <urban-warrior@imagemagick.org>
Date: Fri, 7 Feb 2025 20:57:15 -0500
Subject: multispectral MIFF images renders all channels in arbitrary order

origin: https://github.com/ImageMagick/ImageMagick/commit/81ac8a0d2eb21739842ed18c48c7646b7eef65b8
bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2025-46393
---
 coders/miff.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/coders/miff.c b/coders/miff.c
index 887659e..47fa753 100644
--- a/coders/miff.c
+++ b/coders/miff.c
@@ -1348,10 +1348,10 @@ static Image *ReadMIFFImage(const ImageInfo *image_info,
       packet_size+=image->depth/8;
     if (image->colorspace == CMYKColorspace)
       packet_size+=image->depth/8;
+    if (image->number_meta_channels != 0)
+      packet_size=GetImageChannels(image)*image->depth/8;
     if (image->compression == RLECompression)
       packet_size++;
-    if (image->number_meta_channels != 0)
-      packet_size+=image->number_meta_channels*image->depth/8;
     compress_extent=MagickMax(MagickMax(BZipMaxExtent(packet_size*
       image->columns),LZMAMaxExtent(packet_size*image->columns)),
       ZipMaxExtent(packet_size*image->columns));
@@ -2172,7 +2172,7 @@ static MagickBooleanType WriteMIFFImage(const ImageInfo *image_info,
     if (compression == RLECompression)
       packet_size++;
     if (image->number_meta_channels != 0)
-      packet_size+=image->number_meta_channels*image->depth/8;
+      packet_size=GetImageChannels(image)*image->depth/8;
     length=MagickMax(BZipMaxExtent(packet_size*image->columns),ZipMaxExtent(
       packet_size*image->columns));
     if ((compression == BZipCompression) || (compression == ZipCompression))