ImageMagick/CVE-2019-18853.patch
2021-04-13 04:01:21 +08:00


From 0e28baf9bcb3e2e759f51cd0d74750e5e195b1aa Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Wed, 23 Oct 2019 06:01:08 -0400
Subject: [PATCH] [FG-VD-19-136] ImageMagick Convert SVG MacOS Denial Of
Service
---
coders/svg.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/coders/svg.c b/coders/svg.c
index 1fee4b8..26ac308 100644
--- a/coders/svg.c
+++ b/coders/svg.c
@@ -66,9 +66,10 @@
#include "magick/monitor.h"
#include "magick/monitor-private.h"
#include "magick/pixel-accessor.h"
-#include "magick/quantum-private.h"
+#include "magick/option.h"
#include "magick/pixel-private.h"
#include "magick/property.h"
+#include "magick/quantum-private.h"
#include "magick/resource_.h"
#include "magick/static.h"
#include "magick/string_.h"
@@ -3579,9 +3580,14 @@ static Image *ReadSVGImage(const ImageInfo *image_info,ExceptionInfo *exception)
message[n]='\0';
if (n > 0)
{
+ const char
+ *value;
+
svg_info->parser=xmlCreatePushParserCtxt(sax_handler,svg_info,(char *)
message,n,image->filename);
- (void) xmlCtxtUseOptions(svg_info->parser,XML_PARSE_HUGE);
+ value=GetImageOption(image_info,"svg:xml-parse-huge");
+ if ((value != (char *) NULL) && (IsStringTrue(value) != MagickFalse))
+ (void) xmlCtxtUseOptions(svg_info->parser,XML_PARSE_HUGE);
while ((n=ReadBlob(image,MaxTextExtent-1,message)) != 0)
{
message[n]='\0';
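Review bot: The new opt-in around `xmlCtxtUseOptions(svg_info->parser,XML_PARSE_HUGE)` carries no comment saying why the flag is now off by default, so a later cleanup could quietly restore the unconditional call. XML_PARSE_HUGE relaxes libxml2's hardcoded parser limits, which is presumably what the denial of service in the subject line relied on. I would add `/* XML_PARSE_HUGE lifts libxml2's built-in parser limits; enable only on explicit request via svg:xml-parse-huge, for trusted input. */` above the `GetImageOption` call. Because the value is read from `image_info`, a front end that forwards caller-supplied defines would let untrusted input switch the flag back on, so the option's documentation should say it is for trusted callers only. ReadSVGImage's body starts and ends outside the hunk.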
--
2.30.0