mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-17 04:37:19 +00:00
gimp: patch CVE-2025-2761
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2761 Pick the patch from the relevant upstream bug[1]. [1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/13073 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
committed by
Anuj Mittal
parent
50d7ec475b
commit
3dd2d0dc98
@@ -0,0 +1,34 @@
|
|||||||
|
From 658a8a07b831b82bd9e9592c18f21e4d4d7392af Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alx Sa <cmyk.student@gmail.com>
|
||||||
|
Date: Mon, 10 Mar 2025 04:07:44 +0000
|
||||||
|
Subject: [PATCH] plug-ins: Fix ZDI-CAN-25100 for FLI plug-in
|
||||||
|
|
||||||
|
Resolves #13073
|
||||||
|
This patch adds a check to make sure we're not
|
||||||
|
writing beyond the bounds of the "pos" array.
|
||||||
|
This is the same check that we do earlier when
|
||||||
|
writing pos[xc++], but it was left off of the last
|
||||||
|
write command. Since "n" will be 0 if we get to the
|
||||||
|
end of the array, it prevents us from writing beyond
|
||||||
|
that.
|
||||||
|
|
||||||
|
CVE: CVE-2025-2761
|
||||||
|
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gimp/-/commit/0806bc76ca74543d20e1307ccf6aebd26395c56c]
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
plug-ins/file-fli/fli.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/plug-ins/file-fli/fli.c b/plug-ins/file-fli/fli.c
|
||||||
|
index c2e28e4..209b5ec 100644
|
||||||
|
--- a/plug-ins/file-fli/fli.c
|
||||||
|
+++ b/plug-ins/file-fli/fli.c
|
||||||
|
@@ -1026,7 +1026,7 @@ fli_read_lc_2 (FILE *f,
|
||||||
|
xc += len << 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- if (lpf)
|
||||||
|
+ if (lpf && xc < n)
|
||||||
|
pos[xc] = lpn;
|
||||||
|
yc++;
|
||||||
|
}
|
||||||
@@ -53,6 +53,7 @@ SRC_URI = "https://download.gimp.org/pub/${BPN}/v${SHPV}/${BP}.tar.bz2 \
|
|||||||
file://CVE-2025-15059.patch \
|
file://CVE-2025-15059.patch \
|
||||||
file://CVE-2025-2760-1.patch \
|
file://CVE-2025-2760-1.patch \
|
||||||
file://CVE-2025-2760-2.patch \
|
file://CVE-2025-2760-2.patch \
|
||||||
|
file://CVE-2025-2761.patch \
|
||||||
"
|
"
|
||||||
SRC_URI[sha256sum] = "50a845eec11c8831fe8661707950f5b8446e35f30edfb9acf98f85c1133f856e"
|
SRC_URI[sha256sum] = "50a845eec11c8831fe8661707950f5b8446e35f30edfb9acf98f85c1133f856e"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user