Commit 95348072e for imagemagick.org
commit 95348072e253fd101050b493ae70ba0ec253aefc
Author: Cristy <urban-warrior@imagemagick.org>
Date: Fri Jun 19 17:45:27 2026 -0400
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-75mw-9cc9-fqx9
diff --git a/coders/cut.c b/coders/cut.c
index ae1a3c304..5d1bd8678 100644
--- a/coders/cut.c
+++ b/coders/cut.c
@@ -56,6 +56,8 @@
#include "MagickCore/magick.h"
#include "MagickCore/memory_.h"
#include "MagickCore/pixel-accessor.h"
+#include "MagickCore/policy.h"
+#include "MagickCore/policy-private.h"
#include "MagickCore/quantum-private.h"
#include "MagickCore/static.h"
#include "MagickCore/string_.h"
@@ -328,6 +330,7 @@ static Image *ReadCUTImage(const ImageInfo *image_info,ExceptionInfo *exception)
Image *image,*palette;
ImageInfo *clone_info;
MagickBooleanType status;
+ MagickBooleanType authorized;
MagickOffsetType
offset;
@@ -429,6 +432,9 @@ static Image *ReadCUTImage(const ImageInfo *image_info,ExceptionInfo *exception)
}
}
+ authorized=IsPathAuthorized(ReadPolicyRights,clone_info->filename);
+ if (authorized == MagickFalse)
+ ThrowCUTReaderException(PolicyError,"NotAuthorized");
(void) CopyMagickString(clone_info->filename+i,".PAL",(size_t)
(MagickPathExtent-i));
if((clone_info->file=fopen_utf8(clone_info->filename,"rb"))==NULL)
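Review bot: The added `IsPathAuthorized` call sits above the `CopyMagickString` that writes ".PAL" at offset `i`, so the policy is evaluated on the name as it stood before the suffix was written, not on the path `fopen_utf8` opens on the next line. The next hunk has the same ordering problem: its first check is inside the failure branch, so it runs only after `fopen_utf8` has already been tried on that name, and it is skipped entirely when that open succeeds. Only the truncated name (after `clone_info->filename[i]='\0'`) is checked immediately before its open. Placing each check directly after the filename is rewritten and before the open would make the checked path and the opened path the same, e.g. move `if (IsPathAuthorized(ReadPolicyRights,clone_info->filename) == MagickFalse)` and its throw below the `CopyMagickString` call here. The start of the second `CopyMagickString` call is outside the visible hunk, so its suffix should be confirmed against the full file.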
@@ -437,8 +443,14 @@ static Image *ReadCUTImage(const ImageInfo *image_info,ExceptionInfo *exception)
(MagickPathExtent-i));
if((clone_info->file=fopen_utf8(clone_info->filename,"rb"))==NULL)
{
+ authorized=IsPathAuthorized(ReadPolicyRights,clone_info->filename);
+ if (authorized == MagickFalse)
+ ThrowCUTReaderException(PolicyError,"NotAuthorized");
clone_info->filename[i]='\0';
- if((clone_info->file=fopen_utf8(clone_info->filename,"rb"))==NULL)
+ authorized=IsPathAuthorized(ReadPolicyRights,clone_info->filename);
+ if (authorized == MagickFalse)
+ ThrowCUTReaderException(PolicyError,"NotAuthorized");
+ if ((clone_info->file=fopen_utf8(clone_info->filename,"rb"))==NULL)
{
clone_info=DestroyImageInfo(clone_info);
clone_info=NULL;
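Review bot: A policy denial in this hunk raises `PolicyError` through `ThrowCUTReaderException`, while the `fopen_utf8` failure just below only destroys `clone_info` and presumably carries on without a palette, and no comment says the difference is intended. A reader cannot tell whether failing the whole read on a denied palette path is deliberate fail-closed behaviour or a side effect of reusing the macro. A short comment above the first check would record the intent, for example `/* A palette path denied by policy fails the read; a missing palette file does not. */`. The enclosing block runs past the end of the hunk, so what happens after `clone_info=NULL;` is not visible here.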