Commit dcba7ee9f for imagemagick.org
commit dcba7ee9ffb0c5a22a458bf0c613bc818fcb4cc6
Author: Cristy <urban-warrior@imagemagick.org>
Date: Sun Jun 14 08:55:56 2026 -0400
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-82mp-vp5c-9pf7
diff --git a/MagickWand/deprecate.c b/MagickWand/deprecate.c
index 8d5bcf385..9622d734a 100644
--- a/MagickWand/deprecate.c
+++ b/MagickWand/deprecate.c
@@ -47,6 +47,7 @@
#include "MagickWand/wand.h"
#include "MagickCore/exception-private.h"
#include "MagickCore/monitor-private.h"
+#include "MagickCore/policy-private.h"
#include "MagickCore/string-private.h"
#include "MagickCore/thread-private.h"
#include "MagickCore/utility-private.h"
@@ -106,6 +107,8 @@ static MagickBooleanType ConcatenateImages(int argc,char **argv,
/*
Open output file.
*/
+ if (IsPathAuthorized(WritePolicyRights,argv[argc-1]) == MagickFalse)
+ ThrowPolicyException(argv[argc-1],MagickFalse);
output=fopen_utf8(argv[argc-1],"wb");
if (output == (FILE *) NULL)
{
@@ -116,6 +119,8 @@ static MagickBooleanType ConcatenateImages(int argc,char **argv,
status=MagickTrue;
for (i=2; i < ((ssize_t) argc-1); i++)
{
+ if (IsPathAuthorized(ReadPolicyRights,argv[i]) == MagickFalse)
+ ThrowPolicyException(argv[i],MagickFalse);
input=fopen_utf8(argv[i],"rb");
if (input == (FILE *) NULL)
{
diff --git a/MagickWand/magick-cli.c b/MagickWand/magick-cli.c
index 9e097cd7f..7e1cce906 100644
--- a/MagickWand/magick-cli.c
+++ b/MagickWand/magick-cli.c
@@ -54,6 +54,7 @@
#include "MagickWand/operation.h"
#include "MagickWand/magick-cli.h"
#include "MagickWand/script-token.h"
+#include "MagickCore/policy-private.h"
#include "MagickCore/string-private.h"
#include "MagickCore/thread-private.h"
#include "MagickCore/utility-private.h"
@@ -1255,6 +1256,8 @@ static MagickBooleanType ConcatenateImages(int argc,char **argv,
if (ExpandFilenames(&argc,&argv) == MagickFalse)
ThrowFileException(exception,ResourceLimitError,"MemoryAllocationFailed",
argv[argc-1]);
+ if (IsPathAuthorized(WritePolicyRights,argv[argc-1]) == MagickFalse)
+ ThrowPolicyException(argv[argc-1],MagickFalse);
output=fopen_utf8(argv[argc-1],"wb");
if (output == (FILE *) NULL)
{
@@ -1265,6 +1268,8 @@ static MagickBooleanType ConcatenateImages(int argc,char **argv,
status=MagickTrue;
for (i=2; i < ((ssize_t) argc-1); i++)
{
+ if (IsPathAuthorized(ReadPolicyRights,argv[i]) == MagickFalse)
+ ThrowPolicyException(argv[i],MagickFalse);
input=fopen_utf8(argv[i],"rb");
if (input == (FILE *) NULL)
{