From: Ludovic Rousseau <rousseau@debian.org>
Date: Fri Aug  2 18:20:39 CEST 2019
Subject: check length is strictly positive

Bug-Debian: http://bugs.debian.org/932146
Description: Fix CVE-2019-1010302

--- a/iptc.c
+++ b/iptc.c
@@ -126,6 +126,8 @@
 
         type    = *pos++;
         length  = (*pos << 8) + (*(pos+1));
+        if (length < 1)
+            goto corrupt;
         pos    += 2;                          // Skip tag length
 
         if (pos+length > maxpos) goto corrupt;
