Package: imagemagick
Severity: important
Tags: security patch

imagemagick can be tricked into an endless loop through xwd images with crafted images. Attached patch, as found in Ubuntu's fix and originally taken from upstream's SVN, fixes this issue.

Cheers,
Moritz

-- System Information:
Debian Release: 3.0
Architecture: i386
Kernel: Linux anton 2.4.29-univention.1 #1 SMP Thu Jan 27 17:08:46 CET 2005 i686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED]

-- debconf-show failed

--- imagemagick-6.0.6.2.orig/coders/xwd.c +++ imagemagick-6.0.6.2/coders/xwd.c @@ -345,21 +345,21 @@ */ red_mask=ximage->red_mask; red_shift=0; - while ((red_mask & 0x01) == 0) + while ((red_mask != 0) && (red_mask & 0x01) == 0) { red_mask>>=1; red_shift++; } green_mask=ximage->green_mask; green_shift=0; - while ((green_mask & 0x01) == 0) + while ((green_mask != 0) && (green_mask & 0x01) == 0) { green_mask>>=1; green_shift++; } blue_mask=ximage->blue_mask; blue_shift=0; - while ((blue_mask & 0x01) == 0) + while ((blue_mask != 0) && (blue_mask & 0x01) == 0) { blue_mask>>=1; blue_shift++;
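
Review bot: A zero mask is now accepted silently in all three loops: with the added `(red_mask != 0) &&` guard (and the green and blue equivalents) the loop exits at once, leaving red_shift at 0 and red_mask at 0, and nothing in the hunk flags the file as malformed. The guard does stop the spin, since right-shifting zero never sets bit 0, but I would rather see a zero ximage->red_mask, green_mask or blue_mask rejected as a corrupt image before this point, or at least a confirmation that the code following the hunk never divides by or scales with these masks. The three loops are also identical apart from the channel name, so a small helper that takes a mask and returns its shift would keep the check in one place and make it harder to miss a channel in a later change.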