From 568da17ae8d3d452db51dddf10a71741eedfbfc3 Mon Sep 17 00:00:00 2001
From: Cristy
Date: Sat, 21 Jul 2018 16:46:40 -0400
Subject: [PATCH] ...
---
 MagickCore/blob.c | 19 +++++++++++++++++++
 coders/mvg.c | 5 +++++
 2 files changed, 24 insertions(+)
diff --git a/MagickCore/blob.c b/MagickCore/blob.c
index d2956fef9..c90edd8a1 100644
--- a/MagickCore/blob.c
+++ b/MagickCore/blob.c
@@ -1382,6 +1382,14 @@ MagickExport void *FileToBlob(const char *filename,const size_t extent,
 (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",filename);
 assert(exception != (ExceptionInfo *) NULL);
 *length=0;
+ status=IsRightsAuthorized(PathPolicyDomain,ReadPolicyRights,filename);
+ if (status == MagickFalse)
+ {
+ errno=EPERM;
+ (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
+ "NotAuthorized","`%s'",filename);
+ return(NULL);
+ }
 status=GetPathAttributes(filename,&attributes);
 if ((status == MagickFalse) || (S_ISDIR(attributes.st_mode) != 0))
 {
@@ -1568,6 +1576,9 @@ MagickExport MagickBooleanType FileToImage(Image *image,const char *filename,
 int
 file;

+ MagickBooleanType
+ *status;
+
 size_t
 length,
 quantum;
@@ -1585,6 +1596,14 @@ MagickExport MagickBooleanType FileToImage(Image *image,const char *filename,
 assert(image->signature == MagickCoreSignature);
 assert(filename != (const char *) NULL);
 (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",filename);
+ status=IsRightsAuthorized(PathPolicyDomain,WritePolicyRights,filename);
+ if (status == MagickFalse)
+ {
+ errno=EPERM;
+ (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
+ "NotAuthorized","`%s'",filename);
+ return(MagickFalse);
+ }
 file=fileno(stdin);
 if (LocaleCompare(filename,"-") != 0)
 file=open_utf8(filename,O_RDONLY | O_BINARY,0);
diff --git a/coders/mvg.c b/coders/mvg.c
index 53e8209d2..cc81d1f19 100644
--- a/coders/mvg.c
+++ b/coders/mvg.c
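Review bot: `errno=EPERM;` is assigned before the `ThrowMagickException` call in the new FileToBlob guard, and that call may run formatting or logging code that overwrites errno (its body is not visible here), so a caller that inspects errno after the NULL return might not see EPERM. Moving the assignment to directly before `return(NULL);` avoids that; the same ordering appears in the FileToImage guard later in this file. The function's header comment, which is outside the hunk, could also gain a line such as `A path denied by the security policy returns NULL and raises a PolicyError exception.` FileToBlob's body starts and ends outside this hunk.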
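Review bot: `status` is declared in FileToImage as `MagickBooleanType *status;`, a pointer, but the next hunk assigns it the return value of `IsRightsAuthorized(...)` and compares it with `MagickFalse`, the same way the non-pointer `status` is used in FileToBlob. The integer-to-pointer assignment is a type error that compilers will warn about, and the guard only behaves as intended because a false result presumably converts to a null pointer. The declaration should read `MagickBooleanType status;`. The declaration block belongs to FileToImage, whose body continues outside the hunk.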
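Review bot: The new guard in FileToImage asks for `WritePolicyRights` on `filename`, yet the context lines right after it open that path with `O_RDONLY`, so the operation being authorised is a read. A policy that denies read but permits write on a path would not stop this call, unlike the FileToBlob guard in the first hunk, which checks `ReadPolicyRights`. Unless the write right is intended for a reason not visible here, the call should be `status=IsRightsAuthorized(PathPolicyDomain,ReadPolicyRights,filename);`. The check also runs before the `"-"` comparison, so the stdin case is matched against the path policy as the literal name `-`; a short comment saying whether that is intended would help. FileToImage starts and ends outside the hunk.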
@@ -231,6 +231,11 @@ static Image *ReadMVGImage(const ImageInfo *image_info,ExceptionInfo *exception)
 draw_info=DestroyDrawInfo(draw_info);
 return(DestroyImageList(image));
 }
+ if (*draw_info->primitive == '@')
+ {
+ draw_info=DestroyDrawInfo(draw_info);
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ }
 (void) DrawImage(image,draw_info,exception);
 (void) SetImageArtifact(image,"MVG",draw_info->primitive);
 draw_info=DestroyDrawInfo(draw_info);
-- 
2.40.0
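Review bot: The rejection of a primitive that begins with '@' is reported as `CorruptImageError` with `"ImproperImageHeader"`, which makes a deliberate refusal look like an ordinary corrupt file. The blob.c part of this commit reports its denial as `PolicyError` / `"NotAuthorized"`, and using the same class here, for example `ThrowReaderException(PolicyError,"NotAuthorized");`, would make these events easier to find in logs and to alert on. A comment above the test such as `/* refuse '@' file references in MVG input */` would record the intent, which I am inferring from the rest of the commit. The test looks only at the first byte of `draw_info->primitive`; whether the drawing code also honours '@' after leading whitespace is not visible in this hunk and is worth confirming. ReadMVGImage starts and ends outside the hunk.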