diff mbox series

[meta-gnome,scarthgap,2/2] gimp: patch CVE-2025-15059

Message ID 20260304203944.2551023-2-skandigraun@gmail.com
State New
Headers show
Series [meta-gnome,scarthgap,1/2] gimp: ignore CVE-2025-14424 | expand

Commit Message

Gyorgy Sarvari March 4, 2026, 8:39 p.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15059

Backport the patch that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../gimp/gimp/CVE-2025-15059.patch            | 33 +++++++++++++++++++
 meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb  |  3 +-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-15059.patch
diff mbox series

Patch

diff --git a/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-15059.patch b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-15059.patch
new file mode 100644
index 0000000000..f6a098e78d
--- /dev/null
+++ b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-15059.patch
@@ -0,0 +1,33 @@ 
+From 5c9b71cf1ba8806ace50ab20e074cf850c7c02c4 Mon Sep 17 00:00:00 2001
+From: Jacob Boerema <jgboerema@gmail.com>
+Date: Sat, 20 Dec 2025 10:10:48 -0500
+Subject: [PATCH] plug-ins: fix #15284 ZDI-CAN-28232 vulnerability in file-psp
+
+We were not checking whether channel types were valid for grayscale
+images. Using a blue color channel caused an invalid computation of
+the offset which could cause us to access an invalid memory location.
+
+Now we separate RGB from non-RGB images when checking which channels
+are valid, and if not return with an error.
+
+CVE: CVE-2025-15059
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gimp/-/commit/03575ac8cbb0ef3103b0a15d6598475088dcc15e]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ plug-ins/common/file-psp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
+index 6a6b93d..bcad357 100644
+--- a/plug-ins/common/file-psp.c
++++ b/plug-ins/common/file-psp.c
+@@ -2020,7 +2020,8 @@ read_layer_block (FILE      *f,
+                 }
+               else
+                 {
+-                  if (channel_type > PSP_CHANNEL_BLUE)
++                  if ((ia->base_type == GIMP_RGB && channel_type > PSP_CHANNEL_BLUE) ||
++                      (ia->base_type != GIMP_RGB && channel_type >= PSP_CHANNEL_RED))
+                     {
+                       g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                                   _("Invalid channel type %d in channel information chunk"),
diff --git a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
index dd3a1e3e1b..95a6dfd7c8 100644
--- a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
+++ b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
@@ -50,7 +50,8 @@  SRC_URI = "https://download.gimp.org/pub/${BPN}/v${SHPV}/${BP}.tar.bz2 \
            file://CVE-2025-14422.patch \
            file://CVE-2025-14425.patch \
            file://CVE-2025-5473.patch \
-"
+           file://CVE-2025-15059.patch \
+           "
 SRC_URI[sha256sum] = "50a845eec11c8831fe8661707950f5b8446e35f30edfb9acf98f85c1133f856e"
 
 EXTRA_OECONF = "--disable-python \