diff -up espgs-8.15.2/src/zicc.c.CVE-2008-0411 espgs-8.15.2/src/zicc.c --- espgs-8.15.2/src/zicc.c.CVE-2008-0411 2005-01-19 04:08:41.000000000 +0000 +++ espgs-8.15.2/src/zicc.c 2008-02-19 09:44:35.000000000 +0000 @@ -80,6 +80,9 @@ zseticcspace(i_ctx_t * i_ctx_p) dict_find_string(op, "N", &pnval); ncomps = pnval->value.intval; + if (2*ncomps > sizeof(range_buff)/sizeof(float)) + return_error(e_rangecheck); + /* verify the DataSource entry */ if (dict_find_string(op, "DataSource", &pstrmval) <= 0) return_error(e_undefined);