From f11e20ad6ec2cc063a9ee3b4f180cb0f4b31091c Mon Sep 17 00:00:00 2001
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
Date: Mon, 12 Jan 2026 18:34:39 +1300
Subject: [PATCH] gimp: ignore CVE-2025-48796

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-48796

The vulnerable function ani_load_image() was added[1] after the current
version of GIMP[2], we can ignore the CVE.

[1] https://gitlab.gnome.org/GNOME/gimp/-/commit/aa51b9e19ece8a8c54a513fe33b6d65abcb0fbfb
[2] https://gitlab.gnome.org/GNOME/gimp/-/commits/GIMP_2_10_38/plug-ins/file-ico/ico-load.c?ref_type=tags

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
index 68daac776d..064a797986 100644
--- a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
+++ b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
@@ -75,3 +75,4 @@ FILES:${PN}  += "${datadir}/metainfo"
 RDEPENDS:${PN} += "mypaint-brushes-1.0"
 
 CVE_STATUS[CVE-2007-3741] = "not-applicable-platform: This only applies for Mandriva Linux"
+CVE_STATUS[CVE-2025-48796] = "cpe-incorrect: The current version (2.10.38) is not affected."
\ No newline at end of file