--- graphicsmagick-1.1.7.orig/coders/dcm.c
+++ graphicsmagick-1.1.7/coders/dcm.c
@@ -3022,7 +3022,7 @@
             /*
               Photometric interpretation.
             */
-            for (i=0; i < (long) length; i++)
+            for (i=0; i < (long) Min(length, MaxTextExtent-1); i++)
               photometric[i]=data[i];
             photometric[i]='\0';
             break;
--- graphicsmagick-1.1.7.orig/coders/palm.c
+++ graphicsmagick-1.1.7/coders/palm.c
@@ -541,7 +541,8 @@
         image->compression = RLECompression;
         for (i = 0; i < (long) bytes_per_row; )
           {
           count = ReadBlobByte(image);
+          count = Min(count, bytes_per_row-i);
           byte = ReadBlobByte(image);
           memset(one_row + i, (int) byte, count);
           i += count;
@@ -579,6 +579,8 @@
     indexes=GetIndexes(image);
     if(bits_per_pixel == 16)
       {
+      if (image->columns > 2*bytes_per_row)
+        ThrowReaderException(CorruptImageError,CorruptImage,image);
       for (x=0; x < (long) image->columns; x++)
         {
         color16 = (*ptr++ << 8);
@@ -595,6 +597,8 @@
       bit = 8 - bits_per_pixel;
       for(x = 0; x < (long) image->columns; x++)
         {
+	if (ptr - one_row >= bytes_per_row)
+          ThrowReaderException(CorruptImageError,CorruptImage,image);
         index =(IndexPacket) (mask - (((*ptr) & (mask << bit)) >> bit));
         indexes[x] = index;
         *q++ = image->colormap[index];