cups/cups-CVE-2008-1373.patch

diff -up cups-1.3.6/filter/image-gif.c.CVE-2008-1373 cups-1.3.6/filter/image-gif.c
--- cups-1.3.6/filter/image-gif.c.CVE-2008-1373	2008-01-14 22:12:58.000000000 +0000
+++ cups-1.3.6/filter/image-gif.c	2008-04-01 16:43:22.000000000 +0100
@@ -38,6 +38,8 @@
 #define GIF_INTERLACE	0x40
 #define GIF_COLORMAP	0x80
 
+#define MAX_LWZ_BITS	12
+
 typedef cups_ib_t	gif_cmap_t[256][4];
 typedef short		gif_table_t[4096];
 
@@ -465,6 +467,9 @@ gif_read_image(FILE         *fp,	/* I - 
   if (!pixels)
     return (-1);
 
+  if (code_size > MAX_LWZ_BITS)
+    return (-1);
+
   if (gif_read_lzw(fp, 1, code_size) < 0)
   {
     free(pixels);