Skip to content
Permalink
Browse files

[FG-VD-19-136] ImageMagick Convert SVG MacOS Denial Of Service

  • Loading branch information...
Cristy
Cristy committed Oct 23, 2019
1 parent 351fd50 commit ec9c8944af2bfc65c697ca44f93a727a99b405f1
Showing with 8 additions and 2 deletions.
  1. +8 −2 coders/svg.c
@@ -65,9 +65,10 @@
#include "MagickCore/module.h"
#include "MagickCore/monitor.h"
#include "MagickCore/monitor-private.h"
#include "MagickCore/quantum-private.h"
#include "MagickCore/option.h"
#include "MagickCore/pixel-accessor.h"
#include "MagickCore/property.h"
#include "MagickCore/quantum-private.h"
#include "MagickCore/resource_.h"
#include "MagickCore/static.h"
#include "MagickCore/string_.h"
@@ -3579,9 +3580,14 @@ static Image *ReadSVGImage(const ImageInfo *image_info,ExceptionInfo *exception)
message[n]='\0';
if (n > 0)
{
const char
*value;

svg_info->parser=xmlCreatePushParserCtxt(sax_handler,svg_info,(char *)
message,n,image->filename);
(void) xmlCtxtUseOptions(svg_info->parser,XML_PARSE_HUGE);
value=GetImageOption(image_info,"svg:xml-parse-huge");
if ((value != (char *) NULL) && (IsStringTrue(value) != MagickFalse))
(void) xmlCtxtUseOptions(svg_info->parser,XML_PARSE_HUGE);
while ((n=ReadBlob(image,MagickPathExtent-1,message)) != 0)
{
message[n]='\0';

0 comments on commit ec9c894

Please sign in to comment.
You can’t perform that action at this time.