Copied from Fedora. http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2009-3546.patch --- libwmf-0.2.8.4/src/extra/gd/gd_gd.c 2010-12-06 14:56:06.000000000 +0000 +++ libwmf-0.2.8.4/src/extra/gd/gd_gd.c 2010-12-06 14:57:04.000000000 +0000 @@ -42,6 +42,10 @@ { goto fail1; } + if (&im->colorsTotal > gdMaxColors) + { + goto fail1; + } } /* Int to accommodate truecolor single-color transparency */ if (!gdGetInt (&im->transparent, in))