
ImageMagick-6.2.4.3-1.5.20060mdk.src.rpm

--- ImageMagick-6.2.9/coders/palm.c.cve-2006-5456	2006-01-07 22:41:08.000000000 -0700
+++ ImageMagick-6.2.9/coders/palm.c	2007-02-06 14:25:26.000000000 -0700
@@ -399,6 +399,7 @@ static Image *ReadPALMImage(const ImageI
               for (i=0; i < (long) bytes_per_row; )
               {
                 count=ReadBlobByte(image);
+                count=Min(count, bytes_per_row-i);		
                 byte=ReadBlobByte(image);
                 (void) ResetMagickMemory(one_row+i,(int) byte,count);
                 i+=count;
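Review bot: The added `Min` bounds only the upper end of `count`; the run length from `ReadBlobByte` is still used without a check for zero or for end-of-blob. A zero count leaves `i` unchanged, so the loop makes progress only by consuming input. If `count` is a signed type (its declaration is outside the hunk), an EOF return stays negative through `Min` and reaches `ResetMagickMemory` as a length. I would test the raw value before clamping, `if (count <= 0)`, and fail the read as corrupt on that path after releasing `one_row`, with the same EOF check on the `byte` read. The operands of `Min(count, bytes_per_row-i)` also appear to mix signed and unsigned types, so a cast to one common type would make the comparison explicit.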
@@ -431,6 +432,8 @@ static Image *ReadPALMImage(const ImageI
       indexes=GetIndexes(image);
       if (bits_per_pixel == 16)
         {
+          if (image->columns > 2*bytes_per_row)
+            ThrowReaderException(CorruptImageError,"CorruptImage");
           for (x=0; x < (long) image->columns; x++)
           {
             color16=(*ptr++ << 8);
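Review bot: The new guard `image->columns > 2*bytes_per_row` looks scaled the wrong way for the 16-bit branch. The loop advances `ptr` at least once per column (`*ptr++ << 8`), and presumably twice since a pixel is 16 bits, although the rest of the loop body is outside the hunk. A row of `bytes_per_row` bytes can therefore hold at most `bytes_per_row/2` columns, yet this check accepts up to `2*bytes_per_row`, which still lets `ptr` run past `one_row`. The condition should be `if (image->columns > bytes_per_row/2)`, written with the division so the multiplication cannot wrap.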
@@ -447,6 +450,8 @@ static Image *ReadPALMImage(const ImageI
           bit=8-bits_per_pixel;
           for (x=0; x < (long) image->columns; x++)
           {
+            if (ptr - one_row >= bytes_per_row)
+              ThrowReaderException(CorruptImageError,"CorruptImage");
             index=(IndexPacket) (mask-(((*ptr) & (mask << bit)) >> bit));
             indexes[x]=index;
             *q++=image->colormap[index];
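Review bot: `ThrowReaderException` here leaves the function from inside the pixel loop while `one_row` is still held, so if that buffer is heap-allocated (the allocation is outside the hunk) every rejected file leaks it. The same applies to the throw added in the 16-bit branch. Releasing `one_row` before the throw in both places would close that. Separately, `ptr - one_row >= bytes_per_row` compares a signed pointer difference with what appears to be an unsigned count; `(size_t) (ptr-one_row) >= bytes_per_row` states the intent. A comment such as `/* one_row holds bytes_per_row bytes; stop before reading past it */` would record why the check sits inside the loop.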
--- ImageMagick-6.2.9/coders/dcm.c.cve-2006-5456	2006-01-21 10:54:06.000000000 -0700
+++ ImageMagick-6.2.9/coders/dcm.c	2007-02-06 14:22:01.000000000 -0700
@@ -2950,7 +2950,7 @@ static Image *ReadDCMImage(const ImageIn
             /*
               Photometric interpretation.
             */
-            for (i=0; i < (long) length; i++)
+            for (i=0; i < (long) Min(length, MaxTextExtent-1); i++)
               photometric[i]=(char) data[i];
             photometric[i]='\0';
             break;
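Review bot: The clamp `Min(length, MaxTextExtent-1)` hard-codes the destination size rather than deriving it from `photometric`, whose declaration is outside the hunk. If `photometric` is an array, `Min(length, sizeof(photometric)-1)` keeps the bound correct should its size ever change. The loop also silently truncates an over-long element instead of treating it as malformed, and it still trusts that `data` holds at least `length` bytes, which is established outside the hunk. A short comment such as `/* clamp to the photometric buffer; length comes from the file */` would make the trust boundary clear. Any other case in this switch that copies `data` into a fixed buffer by `length` would need the same bound.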