Skip to content
Permalink
Browse files

Evaluate lazy pixel cache morphology to prevent buffer overflow (bug …

…report from Ibrahim M. El-Sayed)
  • Loading branch information...
Cristy
Cristy committed Aug 1, 2016
1 parent e077971 commit 76401e172ea3a55182be2b8e2aca4d07270f6da6
Showing with 8 additions and 0 deletions.
  1. +4 −0 ChangeLog
  2. +4 −0 MagickCore/enhance.c
@@ -1,3 +1,7 @@
2016-07-01 7.0.2-7 Cristy <quetzlzacatenango@image...>
* Evaluate lazy pixel cache morphology to prevent buffer overflow (bug report
from Ibrahim M. El-Sayed).

2016-07-30 7.0.2-6 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.2-6, GIT revision 18651:df24175:20160729.

@@ -1049,6 +1049,8 @@ MagickExport MagickBooleanType ContrastStretchImage(Image *image,
(void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",image->filename);
if (SetImageGray(image,exception) != MagickFalse)
(void) SetImageColorspace(image,GRAYColorspace,exception);
if (SyncImagePixelCache(image,exception) == MagickFalse)
return(MagickFalse);
black=(double *) AcquireQuantumMemory(GetPixelChannels(image),sizeof(*black));
white=(double *) AcquireQuantumMemory(GetPixelChannels(image),sizeof(*white));
histogram=(double *) AcquireQuantumMemory(MaxMap+1UL,GetPixelChannels(image)*
@@ -1533,6 +1535,8 @@ MagickExport MagickBooleanType EqualizeImage(Image *image,
#endif
if (image->debug != MagickFalse)
(void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",image->filename);
if (SyncImagePixelCache(image,exception) == MagickFalse)
return(MagickFalse);
equalize_map=(double *) AcquireQuantumMemory(MaxMap+1UL,
GetPixelChannels(image)*sizeof(*equalize_map));
histogram=(double *) AcquireQuantumMemory(MaxMap+1UL,GetPixelChannels(image)*

1 comment on commit 76401e1

@fgeek

This comment has been minimized.

Copy link

commented on 76401e1 Aug 5, 2016

CVE request related to this commit http://www.openwall.com/lists/oss-security/2016/08/02/6 and CVE-2016-6520 assigned http://www.openwall.com/lists/oss-security/2016/08/02/10 (for cross-reference).

Please sign in to comment.
You can’t perform that action at this time.