packages/ImageMagick
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ImageMagick/CVE-2022-44267_CVE-2022-44268.patch
starlet-dx 7c20a6ad29 Fix CVE-2022-44267 and CVE-2022-44268 
(cherry picked from commit abca3bb7478c94d9a9c7c67e087fe45e5f1e4ee9)
2023-02-09 19:50:21 +08:00

23 lines
885 B
Diff
Raw Blame History

From 05673e63c919e61ffa1107804d1138c46547a475 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sat, 22 Oct 2022 13:28:46 -0400
Subject: [PATCH] possible DoS @ stdin (OCE-2022-70); possible arbitrary file
leak (OCE-2022-72)
---
coders/png.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/coders/png.c b/coders/png.c
index c83d937c93..4f8c8909bf 100644
--- a/coders/png.c
+++ b/coders/png.c
@@ -3980,6 +3980,7 @@ static Image *ReadOnePNGImage(MngInfo *mng_info,
(void) FormatLocaleString(key,MagickPathExtent,"%s",
text[i].key);
if ((LocaleCompare(key,"version") == 0) ||
+ (LocaleCompare(key,"profile") == 0) ||
(LocaleCompare(key,"width") == 0))
(void) FormatLocaleString(key,MagickPathExtent,"png:%s",
text[i].key);
Reference in New Issue View Git Blame Copy Permalink