From: Cristy <urban-warrior@imagemagick.org>
Date: Sun, 25 Mar 2018 01:27:09 +0000 (-0400)
Subject: ...
X-Git-Tag: 7.0.7-28~10
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9c63f6d3aaa819f7aad5c0b951650f9a16ece410;p=imagemagick
...
---
diff --git a/ChangeLog b/ChangeLog
index a50a0542d..815b5b50d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+2018-03-24 7.0.7-28 Cristy <quetzlzacatenango@image...>
+ * Release ImageMagick version 7.0.7-28, GIT revision 23594:9615da064:20180324.
+
2018-03-21 7.0.7-28 <quetzlzacatenango@image...>
* Fixed numerous use of uninitialized values, integer overflow, memory
exceeded, and timeouts (credit to OSS Fuzz).
diff --git a/coders/dcm.c b/coders/dcm.c
index 34f796189..c8b50070b 100644
--- a/coders/dcm.c
+++ b/coders/dcm.c
@@ -3412,6 +3412,8 @@ static Image *ReadDCMImage(const ImageInfo *image_info,ExceptionInfo *exception)
Samples per pixel.
*/
info.samples_per_pixel=(size_t) datum;
+ if ((info.samples_per_pixel == 0) || (info.samples_per_pixel > 4))
+ ThrowDCMException(CorruptImageError,"ImproperImageHeader");
break;
}
case 0x0004:
@@ -3791,7 +3793,7 @@ static Image *ReadDCMImage(const ImageInfo *image_info,ExceptionInfo *exception)
{
if (stream_info->offsets != (ssize_t *) NULL)
stream_info->offsets=(ssize_t *) RelinquishMagickMemory(
- stream_info->offsets);
+ stream_info->offsets);
stream_info->offsets=(ssize_t *) AcquireQuantumMemory(
stream_info->offset_count,sizeof(*stream_info->offsets));
if (stream_info->offsets == (ssize_t *) NULL)
@@ -3908,7 +3910,7 @@ static Image *ReadDCMImage(const ImageInfo *image_info,ExceptionInfo *exception)
Compute pixel scaling table.
*/
length=(size_t) (GetQuantumRange(info.depth)+1);
- if (length > GetBlobSize(image))
+ if (length > GetBlobSize(image))
ThrowDCMException(CorruptImageError,"InsufficientImageDataInFile");
info.scale=(Quantum *) AcquireQuantumMemory(MagickMax(length,256),
sizeof(*info.scale));