Bug 150325

Summary: CAN-2005-0761 Bug in parsing PSD files
Product: [Fedora] Fedora Reporter: Josh Bressers <bressers>
Component: ImageMagickAssignee: Matthias Clasen <mclasen>
Status: CLOSED CURRENTRELEASE QA Contact: Mike McLean <mikem>
Severity: low Docs Contact:
Priority: medium    
Version: 2Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=low,public=20040609,source=vendorsec,reported=20050304
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-03-19 02:54:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2005-03-04 16:52:52 UTC 
+++ This bug was initially created as a clone of Bug #150323 +++

This issue consists of two bugs:

- conversion from and to quantum, it probably worked only for quantumdepth=8,
  but ImageMagick was compiled with quantumdepth=16.
  The attached patch fixes it.

- The function ReadBlobByte returns values in range 0-255 or (int)-1 on EOF.
  The return value -1 is not checked on many places. The patch
  adds some type conversion, so that it does not crash on issue3.psd.
  However it could crash elsewhere.

The patch for this issue is attachment 111669 [details]
The demo exploit for this issue is attachment 111670 [details]
Comment 1 Matthias Clasen 2005-03-19 02:54:26 UTC 
Fixed by moving to 6.2.0