a5268469a0
Close the blob before the dimensions are checked.
2026-05-24 18:29:42 +02:00
44df3a54af
Added extra checks to prevent an overflow on 32-bit systems (GHSA-4v89-6mgq-6rgc)
2026-05-24 10:01:48 +02:00
e341fd91d5
remove extraneous heap check
2026-05-23 17:12:37 -04:00
b01c173c80
Also close the image blob to make sure we close it properly.
2026-05-23 17:03:01 +02:00
fc4321f0fe
Silenced warning.
2026-05-23 16:30:38 +02:00
2fd447c547
reject farbfeld files with zero columns or rows ( #8750 )
...
The header dimensions are read directly from the blob and then control
the ping early-return path, which lets a 16-byte file with width=0 or
height=0 succeed and surface as a 0x0 image to callers. SetImageExtent
already rejects this on the non-ping path. Same bug class as the recent
DCM fix in 84fbcef
2026-05-23 16:23:33 +02:00
6b0d497c9a
revert
2026-05-23 07:51:52 -04:00
fee84f28db
adjust heap overflow check
2026-05-22 22:03:07 -04:00
6987ef0a23
increase increment
2026-05-22 22:00:00 -04:00
0ff2644320
potential heak based overflow per spartancodex
2026-05-22 21:50:47 -04:00
50ffad2d7d
remove superflous assignment
2026-05-22 18:45:57 -04:00
84fbcef8a5
Added missing check for returning an image with zero columns or rows ( https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8pj9-6897-74xc )
2026-05-22 17:53:08 +02:00
3ad556bd05
Another correction of the version check.
2026-05-21 09:11:32 +02:00
08b9f2747c
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9hqg-xf93-ghfw
2026-05-18 20:08:23 -04:00
404ff84e7d
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6mwj-rp89-6j5j
2026-05-18 19:17:29 -04:00
37af6883d6
Corrected version check to fix the build error reported in #8740 .
2026-05-18 17:51:55 +02:00
dd198f960a
Make sure we free the chunk when hitting max loop.
2026-05-18 17:37:29 +02:00
9682daba1c
Check the image extent before decoding the webp image and improved the error handling.
2026-05-14 23:16:58 +02:00
1fc6a11b2b
Set the status to make sure we exit earlier.
2026-05-14 22:33:30 +02:00
58163e0e27
Removed unused include.
2026-05-14 22:03:59 +02:00
6cee813810
Check if the TIFF file that is being read is a DNG file and then switch to the DNG decoder.
2026-05-14 21:50:37 +02:00
02b5cc9d9b
Improved performance when pinging an animated avif image.
2026-05-14 16:13:51 +02:00
64fc55b6c3
Allow reading more pixel masks in the DDS decoder ( #8723 )
2026-05-14 15:47:40 +02:00
adf173cc47
revert list length check
2026-05-13 22:11:52 -04:00
4d92249c84
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5r4x-w6p5-222q
2026-05-13 19:08:43 -04:00
ff2f155f28
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-533m-3wf6-c33v
2026-05-13 16:45:31 -04:00
e8431d4a28
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7gg8-qqx7-92g5
2026-05-13 15:51:15 -04:00
881cc2722e
ignore_sequence_editlist only in libheif 1.21 ( #8729 )
2026-05-13 09:45:23 -04:00
188fcf538f
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jcqp-6r6f-3mfx
2026-05-12 12:38:03 -04:00
3aa3574131
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-36wm-hprc-mcf5
2026-05-12 12:28:23 -04:00
c0d67d194d
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3rvp-mpr5-qjm9
2026-05-12 11:56:05 -04:00
bbfc7cba08
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gj92-pwm7-jcmp
2026-05-11 19:35:35 -04:00
0eb34f7c37
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gj92-pwm7-jcmp
2026-05-11 19:27:24 -04:00
10a1a22856
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g5mf-wqq5-vwg6
2026-05-11 19:15:01 -04:00
dd31516fdb
Revert patch because the index cannot be negative.
2026-05-11 20:29:20 +02:00
6dc0130dbb
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g5mf-wqq5-vwg6
2026-05-11 14:23:51 -04:00
8a24b6aa26
Added extra conditions for when ReadGenericMethod should be used when reading a jpeg compressed tiff file (dlemstra/Magick.NET/issues/2016)
2026-05-11 19:28:33 +02:00
dab73a3898
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hg5x-pmmv-4q7g
2026-05-09 18:57:27 -04:00
8def4934c7
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j3pv-77gf-fw2g
2026-05-09 18:53:31 -04:00
2cf3b5750b
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr6r-hmj8-pr7r
2026-05-09 18:48:00 -04:00
bcbda26477
stroke-antialiasing is not a valid SVG element
2026-05-09 13:48:44 -04:00
824aa5b6de
https://github.com/ImageMagick/ImageMagick/issues/8720
2026-05-09 13:04:11 -04:00
998b3f91a5
Added early exits when reading all the images would hit the list length limit.
2026-05-06 22:07:57 +02:00
a96763d717
Added missing check for the list length limit in the PSD decoder (GHSA-cwpj-h54c-xjpx)
2026-05-05 22:31:57 +02:00
be351d3c72
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v6qj-8rm4-fpgj
2026-05-04 22:12:21 -04:00
45e4648717
Decode the media timeline instead to avoid reading too many images ( #8706 )
2026-05-04 20:24:48 +02:00
84a15bf667
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jqq5-8px3-9m6m
2026-05-02 19:13:10 -04:00
6b8bf8cb85
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw3g-wvj6-3p7w
2026-05-02 19:05:29 -04:00
c265c9b6b2
https://github.com/ImageMagick/ImageMagick/issues/8712
2026-05-02 15:26:02 -04:00
f028fe940b
Another fix to check for the 32-bit overflow.
2026-05-02 17:16:28 +02:00
Dirk Lemstra
Cristy
dxbjavid
Remi Collet