diff -up cups-1.2.4/filter/image-gif.c.CVE-2008-1373 cups-1.2.4/filter/image-gif.c --- cups-1.2.4/filter/image-gif.c.CVE-2008-1373 2006-05-11 12:41:36.000000000 +0100 +++ cups-1.2.4/filter/image-gif.c 2008-03-20 15:32:18.000000000 +0000 @@ -47,6 +47,8 @@ #define GIF_INTERLACE 0x40 #define GIF_COLORMAP 0x80 +#define MAX_LWZ_BITS 12 + typedef cups_ib_t gif_cmap_t[256][4]; typedef short gif_table_t[4096]; @@ -471,6 +473,9 @@ gif_read_image(FILE *fp, /* I - pass = 0; code_size = getc(fp); + if (code_size > MAX_LWZ_BITS) + return (-1); + if (gif_read_lzw(fp, 1, code_size) < 0) return (-1);