From: Cristy Date: Thu, 9 Aug 2018 22:36:55 +0000 (-0400) Subject: ... X-Git-Tag: 7.0.8-10~18 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3b7d73b9b631b83b71fadc1289871ce2d5eaad13;p=imagemagick ...
---
diff --git a/ChangeLog b/ChangeLog
index ff2c7d48e..cd4523255 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2018-08-08 7.0.8-10 Cristy
+ * ThumbnailImage function no longer reveals sensitive information (reference
+ https://github.com/ImageMagick/ImageMagick/issues/1243).
+
 2018-08-06 7.0.8-9 Cristy * Release ImageMagick version 7.0.8-9, GIT revision 14618:a3663c3dc:20180805.
diff --git a/coders/xbm.c b/coders/xbm.c
index 0cc82339f..a974825ad 100644
--- a/coders/xbm.c
+++ b/coders/xbm.c
@@ -132,18 +132,18 @@ static MagickBooleanType IsXBM(const unsigned char *magick,const size_t length)
 */ static int XBMInteger(Image *image,short int *hex_digits)
-{
+{
 int c;
-
+
 unsigned int value;
-
+
 /* Skip any leading whitespace. */ do
- {
+ {
 c=ReadBlobByte(image); if (c == EOF) return(-1);
@@ -153,14 +153,14 @@ static int XBMInteger(Image *image,short int *hex_digits)
 */ value=0; do
- {
- if (value > (unsigned int) (INT_MAX/10))
- break;
- value*=16;
- c&=0xff;
- if (value > (unsigned int) (INT_MAX-hex_digits[c]))
- break;
- value+=hex_digits[c];
+ {
+ if (value <= (unsigned int) (INT_MAX/16))
+ {
+ value*=16;
+ c&=0xff;
+ if (value <= (unsigned int) (INT_MAX-hex_digits[c]))
+ value+=hex_digits[c];
+ }
 c=ReadBlobByte(image); if (c == EOF) return(-1);
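Review bot: When either guard in the new loop body of the second xbm.c hunk fails, the digit is dropped and the loop keeps reading, so an over-long hex token yields a truncated value with no signal to the caller that the input was out of range. Since the function already returns -1 on EOF, rejecting the token would be safer for a parser fed untrusted XBM data, e.g. `if (value > (unsigned int) (INT_MAX/16)) return(-1);` ahead of the multiply, assuming callers treat -1 as a failure (they are outside this hunk). Separately, `hex_digits` is `short int`, so if the table holds negative entries for non-hex bytes (not visible here), `INT_MAX-hex_digits[c]` overflows a signed int and `value+=hex_digits[c]` wraps the unsigned accumulator; a `hex_digits[c] >= 0` check before the arithmetic would also cover the first byte left over from the whitespace skip. The loop's closing condition and the function's return are outside the hunk.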