From: Cristy <urban-warrior@imagemagick.org>
Date: Tue, 27 Nov 2018 22:20:13 +0000 (-0500)
Subject: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11575
X-Git-Tag: 7.0.8-15~26
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6fc0a9e8f8d6fb9228c30e879ce4d55d71545040;p=imagemagick

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11575
---

diff --git a/coders/cube.c b/coders/cube.c
index 7885eb156..9d8a48563 100644
--- a/coders/cube.c
+++ b/coders/cube.c
@@ -71,7 +71,7 @@
 %                                                                             %
 %                                                                             %
 %                                                                             %
-%   R e a d H A L D I m a g e                                                 %
+%   R e a d C U B E I m a g e                                                 %
 %                                                                             %
 %                                                                             %
 %                                                                             %
@@ -161,12 +161,16 @@ static Image *ReadCUBEImage(const ImageInfo *image_info,
     if (LocaleCompare(token,"LUT_1D_SIZE") == 0)
       {
         red_columns=(ssize_t) StringToLong(value);
+        if (red_columns > 65535)
+          ThrowReaderException(CorruptImageError,"ImproperImageHeader");
         green_columns=1;
         blue_rows=1;
       }
     if (LocaleCompare(token,"LUT_3D_SIZE") == 0)
       {
         red_columns=(ssize_t) StringToLong(value);
+        if (red_columns > 256)
+          ThrowReaderException(CorruptImageError,"ImproperImageHeader");
         green_columns=red_columns;
         blue_rows=red_columns;
       }