Package: imagemagick
Version: 6:6.0.6.2-1.6
Severity: grave
Tags: security patch

Our imagemagick package has a buffer overflow security hole, as described here:
http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities

I've attached a patch sideported from Ubuntu.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages imagemagick depends on:
ii  libmagick6  6:6.0.6.2-1.6  Image manipulation library

-- no debconf information

-- 
see shy jo

--- imagemagick-6.0.2.5.orig/coders/psd.c
+++ imagemagick-6.0.2.5/coders/psd.c
@@ -672,6 +672,8 @@
}
(void) ReadBlob(image,6,psd_info.reserved);
psd_info.channels=ReadBlobMSBShort(image);
+ if (psd_info.channels > 24)
+ ThrowReaderException(CorruptImageError,"MaximumChannelsExceeded");
psd_info.rows=ReadBlobMSBLong(image);
psd_info.columns=ReadBlobMSBLong(image);
psd_info.depth=ReadBlobMSBShort(image);
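
Review bot: The bound in `if (psd_info.channels > 24)` is a bare literal, and nothing in this hunk ties it to the size of whatever buffer the channel count later indexes. Use a named constant shared with that buffer's declaration (or derive the limit from the array's element count) so the check cannot drift from the storage it protects. The hunk also does not show the type of `psd_info.channels`; if the field is signed, reject negative values here as well. The file headers name imagemagick-6.0.2.5 while the report is against 6:6.0.6.2-1.6, so confirm the hunk offsets apply to the packaged source.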
@@ -853,6 +855,8 @@
layer_info[i].page.height=(ReadBlobMSBLong(image)-layer_info[i].page.y);
layer_info[i].page.width=(ReadBlobMSBLong(image)-layer_info[i].page.x);
layer_info[i].channels=ReadBlobMSBShort(image);
+ if (layer_info[i].channels > 24)
+
ThrowReaderException(CorruptImageError,"MaximumChannelsExceeded");
if (image->debug != MagickFalse)
(void) LogMagickEvent(CoderEvent,GetMagickModule(),"
offset(%ld,%ld), size(%ld,%ld), channels=%d",
layer_info[i].page.x, layer_info[i].page.y,
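
Review bot: The added `ThrowReaderException(CorruptImageError,"MaximumChannelsExceeded");` line after `if (layer_info[i].channels > 24)` has been wrapped in transit: the `+` stands alone on one line and the statement follows without a `+` prefix, and the `LogMagickEvent` format string in the context is split as well, so this hunk will not apply as posted. Resend the patch as an unwrapped attachment. The literal 24 is repeated from the header check and should come from one shared constant. Since the throw happens inside the per-layer loop, check whether `layer_info` is heap-allocated at this point and, if so, release it before throwing.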

