Commit 6655858e8 for imagemagick.org
commit 6655858e8ca6cbe5a4a9b028cf3ffb3a27f4525b
Author: Cristy <urban-warrior@imagemagick.org>
Date: Sat Jun 13 11:48:21 2026 -0400
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9xw9-2xcf-6jjg
diff --git a/coders/vicar.c b/coders/vicar.c
index 0c2464f55..e5f9a680a 100644
--- a/coders/vicar.c
+++ b/coders/vicar.c
@@ -162,6 +162,9 @@ static Image *ReadVICARImage(const ImageInfo *image_info,
status,
value_expected;
+ MagickSizeType
+ number_pixels;
+
QuantumInfo
*quantum_info;
@@ -359,7 +362,7 @@ static Image *ReadVICARImage(const ImageInfo *image_info,
if ((image->columns == 0) || (image->rows == 0))
ThrowReaderException(CorruptImageError,"NegativeOrZeroImageSize");
image->depth=8;
- if (LocaleCompare(format,"byte") == 0)
+ if (LocaleCompare(fo*rmat,"byte") == 0)
;
else
if (LocaleCompare(format,"half") == 0)
@@ -375,6 +378,9 @@ static Image *ReadVICARImage(const ImageInfo *image_info,
(void) CloseBlob(image);
return(GetFirstImageInList(image));
}
+ number_pixels=(MagickSizeType) image->columns*image->rows;
+ if (number_pixels > GetBlobSize(image))
+ ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
status=SetImageExtent(image,image->columns,image->rows,exception);
if (status == MagickFalse)
return(DestroyImageList(image));