31 lines
1.2 KiB
Diff
31 lines
1.2 KiB
Diff
From 3c5188b41902a909e163492fb0c19e49efefcefe Mon Sep 17 00:00:00 2001
|
|
From: Cristy <urban-warrior@imagemagick.org>
|
|
Date: Sat, 22 Oct 2022 13:28:51 -0400
|
|
Subject: [PATCH] possible DoS @ stdin (OCE-2022-70); possible arbitrary file
|
|
leak (OCE-2022-72)
|
|
|
|
---
|
|
coders/png.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/coders/png.c b/coders/png.c
|
|
index dae894d9c..887827636 100644
|
|
--- a/coders/png.c
|
|
+++ b/coders/png.c
|
|
@@ -3793,13 +3793,14 @@ static Image *ReadOnePNGImage(MngInfo *mng_info,
|
|
*/
|
|
if (!png_get_valid(ping,ping_info,PNG_INFO_pHYs) ||
|
|
(LocaleCompare(text[i].key,"density") != 0 &&
|
|
- LocaleCompare(text[i].key,"units") != 0))
|
|
+ LocaleCompare(text[i].key,"units") != 0))
|
|
{
|
|
char
|
|
key[MaxTextExtent];
|
|
|
|
(void) FormatLocaleString(key,MaxTextExtent,"%s",text[i].key);
|
|
if ((LocaleCompare(key,"version") == 0) ||
|
|
+ (LocaleCompare(key,"profile") == 0) ||
|
|
(LocaleCompare(key,"width") == 0))
|
|
(void) FormatLocaleString(key,MagickPathExtent,"png:%s",
|
|
text[i].key);
|