From 783dd3065e2ae5cb468770a8a32884445200a458 Mon Sep 17 00:00:00 2001
From: antonfirsov <antonfir@gmail.com>
Date: Mon, 16 Mar 2026 21:50:29 +0100
Subject: [PATCH 1/4] use macos-26-intel

---
 .github/workflows/build-and-test.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index 45769c2163..3d816bd574 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -22,7 +22,7 @@ jobs:
             sdk-preview: true
             runtime: -x64
             codecov: false
-          - os: macos-13 # macos-latest runs on arm64 runners
+          - os: macos-26-intel
             framework: net6.0
             sdk: 6.0.x
             sdk-preview: true
@@ -38,7 +38,7 @@ jobs:
             framework: net5.0
             runtime: -x64
             codecov: false
-          - os: macos-13 # macos-latest runs on arm64 runners
+          - os: macos-26-intel
             framework: net5.0
             runtime: -x64
             codecov: false
@@ -50,7 +50,7 @@ jobs:
             framework: netcoreapp3.1
             runtime: -x64
             codecov: false
-          - os: macos-13 # macos-latest runs on arm64 runners
+          - os: macos-26-intel
             framework: netcoreapp3.1
             runtime: -x64
             codecov: false

From ce3701bff7ce42ac1a942f55719d3c65f57c5567 Mon Sep 17 00:00:00 2001
From: antonfirsov <antonfir@gmail.com>
Date: Mon, 16 Mar 2026 22:08:28 +0100
Subject: [PATCH 2/4] ubuntu: change the libssl 1.1 package source

---
 .github/workflows/build-and-test.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index 3d816bd574..2debb07b57 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -77,9 +77,9 @@ jobs:
       - name: Install Ubuntu prerequisites
         if: ${{ contains(matrix.options.os, 'ubuntu') }}
         run: |
-          # libssl 1.1 (required by old .NET runtimes)
-          wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.0g-2ubuntu4_amd64.deb
-          sudo dpkg -i libssl1.1_1.1.0g-2ubuntu4_amd64.deb
+          # libssl 1.1 (required by old .NET runtimes, not in Ubuntu 22.04+ repos)
+          wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb
+          sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb
 
           # libgdiplus
           sudo apt-get -y install libgdiplus libgif-dev libglib2.0-dev libcairo2-dev libtiff-dev libexif-dev

From 691fc0baa16b385b525a46fc5206febad099ad5c Mon Sep 17 00:00:00 2001
From: antonfirsov <antonfir@gmail.com>
Date: Mon, 16 Mar 2026 22:15:59 +0100
Subject: [PATCH 3/4] apt-get update is required

---
 .github/workflows/build-and-test.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index 2debb07b57..073cc28faa 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -82,6 +82,7 @@ jobs:
           sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb
 
           # libgdiplus
+          sudo apt-get update
           sudo apt-get -y install libgdiplus libgif-dev libglib2.0-dev libcairo2-dev libtiff-dev libexif-dev
 
       - name: Git Config

From 18d36fcc2b1d0890c16315389fa79dd5803eb81e Mon Sep 17 00:00:00 2001
From: antonfirsov <antonfir@gmail.com>
Date: Tue, 17 Mar 2026 23:10:49 +0100
Subject: [PATCH 4/4] backport #3075 to 2.1.x

---
 src/ImageSharp/Formats/Bmp/BmpDecoderCore.cs  |  6 ++++
 .../Formats/Bmp/BmpDecoderTests.cs            | 28 +++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/src/ImageSharp/Formats/Bmp/BmpDecoderCore.cs b/src/ImageSharp/Formats/Bmp/BmpDecoderCore.cs
index ee0a312803..35f5245862 100644
--- a/src/ImageSharp/Formats/Bmp/BmpDecoderCore.cs
+++ b/src/ImageSharp/Formats/Bmp/BmpDecoderCore.cs
@@ -1377,6 +1377,12 @@ private int ReadImageHeaders(BufferedReadStream stream, out bool inverted, out b
                     switch (this.fileMarkerType)
                     {
                         case BmpFileMarkerType.Bitmap:
+                            if (this.fileHeader.Offset > stream.Length)
+                            {
+                                BmpThrowHelper.ThrowInvalidImageContentException(
+                                    $"Pixel data offset {this.fileHeader.Offset} exceeds file size {stream.Length}.");
+                            }
+
                             colorMapSizeBytes = this.fileHeader.Offset - BmpFileHeader.Size - this.infoHeader.HeaderSize;
                             int colorCountForBitDepth = ColorNumerics.GetColorCountForBitDepth(this.infoHeader.BitsPerPixel);
                             bytesPerColorMapEntry = colorMapSizeBytes / colorCountForBitDepth;
diff --git a/tests/ImageSharp.Tests/Formats/Bmp/BmpDecoderTests.cs b/tests/ImageSharp.Tests/Formats/Bmp/BmpDecoderTests.cs
index acc4c201b7..1b7ff8295b 100644
--- a/tests/ImageSharp.Tests/Formats/Bmp/BmpDecoderTests.cs
+++ b/tests/ImageSharp.Tests/Formats/Bmp/BmpDecoderTests.cs
@@ -632,5 +632,33 @@ public void BmpDecoder_ThrowsException_Issue2696<TPixel>(TestImageProvider<TPixe
                     using Image<TPixel> image = provider.GetImage(BmpDecoder);
                 });
         }
+
+        // https://github.com/SixLabors/ImageSharp/issues/3074
+        [Fact]
+        public void BmpDecoder_ThrowsException_Issue3074()
+        {
+            // Crafted BMP: pixel data offset = 0x7FFFFFFF, actual file = 35 bytes
+            byte[] data =
+            {
+                0x42, 0x4D,                         // "BM" signature
+                0x3A, 0x00, 0x00, 0x00,             // file size: 58
+                0x00, 0x00, 0x00, 0x00,             // reserved
+                0xFF, 0xFF, 0xFF, 0x7F,             // pixel offset: 0x7FFFFFFF (2,147,483,647)
+                0x28, 0x00, 0x00, 0x00,             // DIB header size: 40
+                0x01, 0x00, 0x00, 0x00,             // width: 1
+                0x01, 0xFF, 0x00, 0x00,             // height: 65281
+                0x01, 0x00,                         // color planes: 1
+                0x08, 0x00,                         // bits per pixel: 8
+                0x00, 0x00, 0x00, 0x00,             // compression: RGB
+                0x00, 0x00, 0x00 // (truncated)
+            };
+
+            using MemoryStream stream = new(data);
+
+            Assert.Throws<InvalidImageContentException>(() =>
+            {
+                using Image<Rgba32> image = Image.Load<Rgba32>(stream);
+            });
+        }
     }
 }