45c8317c00
CVE-2018-18544 CVE-2019-7397 CVE-2019-11005 CVE-2019-11006 CVE-2019-11010 CVE-2019-12921 CVE-2020-10938 CVE-2020-12672
49 lines
1.9 KiB
Diff
49 lines
1.9 KiB
Diff
From a5646313975525c598527269bbfe4524909275f3 Mon Sep 17 00:00:00 2001
|
|
From: maminjie <maminjie1@huawei.com>
|
|
Date: Sat, 19 Sep 2020 17:59:51 +0800
|
|
Subject: [PATCH] MNG: Fix small heap overwrite or assertion if magnifying and
|
|
image to be magnified has rows or columns == 1. (CVE-2020-12672)
|
|
|
|
refers to http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/50395430a371
|
|
---
|
|
coders/png.c | 23 ++++++++++++++++++++++-
|
|
1 file changed, 22 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/coders/png.c b/coders/png.c
|
|
index ebb0a4a..b8b6c2b 100644
|
|
--- a/coders/png.c
|
|
+++ b/coders/png.c
|
|
@@ -5571,7 +5571,28 @@ static Image *ReadMNGImage(const ImageInfo *image_info,
|
|
|
|
if (logging)
|
|
(void) LogMagickEvent(CoderEvent,GetMagickModule(),
|
|
- " Processing MNG MAGN chunk");
|
|
+ " Processing MNG MAGN chunk: MB=%u, ML=%u,"
|
|
+ " MR=%u, MT=%u, MX=%u, MY=%u,"
|
|
+ " X_method=%u, Y_method=%u",
|
|
+ mng_info->magn_mb,mng_info->magn_ml,
|
|
+ mng_info->magn_mr,mng_info->magn_mt,
|
|
+ mng_info->magn_mx,mng_info->magn_my,
|
|
+ mng_info->magn_methx,
|
|
+ mng_info->magn_methy);
|
|
+
|
|
+ /*
|
|
+ If the image width is 1, then X magnification is done
|
|
+ by simple pixel replication.
|
|
+ */
|
|
+ if (image->columns == 1)
|
|
+ mng_info->magn_methx = 1;
|
|
+
|
|
+ /*
|
|
+ If the image height is 1, then Y magnification is done
|
|
+ by simple pixel replication.
|
|
+ */
|
|
+ if (image->rows == 1)
|
|
+ mng_info->magn_methy = 1;
|
|
|
|
if (mng_info->magn_methx == 1)
|
|
{
|
|
--
|
|
2.23.0
|
|
|