From 3b7d73b9b631b83b71fadc1289871ce2d5eaad13 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Thu, 9 Aug 2018 18:36:55 -0400
Subject: [PATCH] ...

---
 ChangeLog    |  4 ++++
 coders/xbm.c | 24 ++++++++++++------------
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index ff2c7d48e..cd4523255 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2018-08-08  7.0.8-10 Cristy  <quetzlzacatenango@image...>
+  * ThumbnailImage function no longer reveals sensitive information (reference
+    https://github.com/ImageMagick/ImageMagick/issues/1243).
+
 2018-08-06  7.0.8-9 Cristy  <quetzlzacatenango@image...>
   * Release ImageMagick version 7.0.8-9, GIT revision 14618:a3663c3dc:20180805.
 
diff --git a/coders/xbm.c b/coders/xbm.c
index 0cc82339f..a974825ad 100644
--- a/coders/xbm.c
+++ b/coders/xbm.c
@@ -132,18 +132,18 @@ static MagickBooleanType IsXBM(const unsigned char *magick,const size_t length)
 */
 
 static int XBMInteger(Image *image,short int *hex_digits)
-{ 
+{
   int
     c;
-  
+
   unsigned int
     value;
-  
+
   /*
     Skip any leading whitespace.
   */
   do
-  { 
+  {
     c=ReadBlobByte(image);
     if (c == EOF)
       return(-1);
@@ -153,14 +153,14 @@ static int XBMInteger(Image *image,short int *hex_digits)
   */
   value=0;
   do
-  { 
-    if (value > (unsigned int) (INT_MAX/10))
-      break;
-    value*=16;
-    c&=0xff;
-    if (value > (unsigned int) (INT_MAX-hex_digits[c]))
-      break;
-    value+=hex_digits[c];
+  {
+    if (value <= (unsigned int) (INT_MAX/16))
+      {
+        value*=16;
+        c&=0xff;
+        if (value <= (unsigned int) (INT_MAX-hex_digits[c]))
+          value+=hex_digits[c];
+      }
     c=ReadBlobByte(image);
     if (c == EOF)
       return(-1);
-- 
2.40.0