
gdk-pixbuf: Fix CVE-2026-5201

Pick patch according to [1]

[1] https://security-tracker.debian.org/tracker/CVE-2026-5201
[2] https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304

(From OE-Core rev: fb718f1ed26ec9a88c82e5310fc0e3dccaeaacec)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Vijay Anusuri
2026-04-28 12:32:39 +05:30
committed by Paul Barker
parent 70f5fb82d2
commit ef08dc5cb1
2 changed files with 45 additions and 0 deletions
@@ -0,0 +1,44 @@
From 6cce9311e70b969cbcc6e3e1e74ae1756ed02d5b Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Mon, 30 Mar 2026 12:21:56 -0400
Subject: [PATCH] jpeg: Reject unsupported number of components
This condition was already checked for incremental loading.
This commit adds the same check in the nonincremental
code path.
Closes: #304
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/6cce9311e70b969cbcc6e3e1e74ae1756ed02d5b]
CVE: CVE-2026-5201
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
gdk-pixbuf/io-jpeg.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c
index 9ee1d21..d419812 100644
--- a/gdk-pixbuf/io-jpeg.c
+++ b/gdk-pixbuf/io-jpeg.c
@@ -625,6 +625,18 @@ gdk_pixbuf__real_jpeg_image_load (FILE *f, struct jpeg_decompress_struct *cinfo,
cinfo->do_fancy_upsampling = FALSE;
cinfo->do_block_smoothing = FALSE;
+ /* Reject unsupported component counts */
+ if (cinfo->output_components != 3 && cinfo->output_components != 4 &&
+ !(cinfo->output_components == 1 &&
+ cinfo->out_color_space == JCS_GRAYSCALE)) {
+ g_set_error (error,
+ GDK_PIXBUF_ERROR,
+ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
+ _("Unsupported number of color components (%d)"),
+ cinfo->output_components);
+ goto out;
+ }
+
pixbuf = gdk_pixbuf_new (GDK_COLORSPACE_RGB,
cinfo->out_color_components == 4 ? TRUE : FALSE,
8,
--
2.43.0
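Review bot: The added guard checks `cinfo->output_components`, but the `gdk_pixbuf_new` call directly below it derives the alpha flag from `cinfo->out_color_components`, and the one-line comment does not say why the first field is the one being validated. I would expand it to `/* Reject unsupported component counts: only 1 (grayscale), 3 and 4 are handled, same as the incremental loader (CVE-2026-5201) */` so the reason for the check stays next to it. The body of `gdk_pixbuf__real_jpeg_image_load` starts and ends outside the hunk, so it is worth confirming there that the check runs after libjpeg has filled in the output fields and that `pixbuf` is still NULL when `goto out` is taken. The patch also adds no test image for the non-incremental path; a regression test with an unsupported component count would keep the two loaders from drifting apart again.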
@@ -22,6 +22,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
file://0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch \
file://CVE-2025-7345.patch \
file://CVE-2025-6199.patch \
file://CVE-2026-5201.patch \
"
SRC_URI[sha256sum] = "b9505b3445b9a7e48ced34760c3bcb73e966df3ac94c95a148cb669ab748e3c7"