Fix CVE-2025-2761
(cherry picked from commit 32fbc2a360a86350ebacf80ce9d40d3f625f72dd)
This commit is contained in:
wk333
openeuler-sync-bot
parent
f813fdd91b
commit
bdd77b2fcf
35
CVE-2025-2761.patch
Normal file
35
CVE-2025-2761.patch
Normal file
@ -0,0 +1,35 @@
|
||||
From 0806bc76ca74543d20e1307ccf6aebd26395c56c Mon Sep 17 00:00:00 2001
|
||||
From: Alx Sa <cmyk.student@gmail.com>
|
||||
Date: Mon, 10 Mar 2025 04:07:44 +0000
|
||||
Subject: [PATCH] plug-ins: Fix ZDI-CAN-25100 for FLI plug-in
|
||||
|
||||
Origin: https://gitlab.gnome.org/GNOME/gimp/-/commit/0806bc76ca74543d20e1307ccf6aebd26395c56c
|
||||
|
||||
Resolves #13073
|
||||
This patch adds a check to make sure we're not
|
||||
writing beyond the bounds of the "pos" array.
|
||||
This is the same check that we do earlier when
|
||||
writing pos[xc++], but it was left off of the last
|
||||
write command. Since "n" will be 0 if we get to the
|
||||
end of the array, it prevents us from writing beyond
|
||||
that.
|
||||
---
|
||||
plug-ins/file-fli/fli.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/plug-ins/file-fli/fli.c b/plug-ins/file-fli/fli.c
|
||||
index 85dcc994395..1aba31e8f90 100644
|
||||
--- a/plug-ins/file-fli/fli.c
|
||||
+++ b/plug-ins/file-fli/fli.c
|
||||
@@ -1529,7 +1529,7 @@ fli_read_lc_2 (FILE *f,
|
||||
xc += len << 1;
|
||||
}
|
||||
}
|
||||
- if (lpf)
|
||||
+ if (lpf && xc < n)
|
||||
pos[xc] = lpn;
|
||||
yc++;
|
||||
}
|
||||
--
|
||||
GitLab
|
||||
|
||||
@ -42,7 +42,7 @@
|
||||
|
||||
Name: gimp
|
||||
Version: 2.99.10
|
||||
Release: 2
|
||||
Release: 3
|
||||
Epoch: 2
|
||||
Summary: The GNU Image Manipulation Program
|
||||
License: GPL-3.0-or-later
|
||||
@ -55,6 +55,7 @@ Source98: gimp-rpmlintrc
|
||||
Source99: baselibs.conf
|
||||
Patch0: git_info_from_dirname.patch
|
||||
Patch1: adapted-babl.patch
|
||||
Patch2: CVE-2025-2761.patch
|
||||
BuildRequires: autoconf glibc-all-langpacks
|
||||
BuildRequires: automake
|
||||
BuildRequires: libtool
|
||||
@ -417,6 +418,9 @@ chrpath -d %{buildroot}/usr/lib64/gimp/2.99/plug-ins/file-aa/file-aa
|
||||
%{_libdir}/gimp/2.99/extensions/org.gimp.extension.goat-exercises
|
||||
|
||||
%changelog
|
||||
* Tue May 06 2025 wangkai <13474090681@163.com> - 2:2.99.10-3
|
||||
- Fix CVE-2025-2761
|
||||
|
||||
* Thu Jan 18 2024 liyanan <liyanan61@h-partners.com> - 2:2.99.10-2
|
||||
- Remove rpath
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user