Control: tags 1105005 + patch
Control: tags 1105005 + pending
Dear maintainer,

I've prepared an NMU for gimp (versioned as 3.0.2-3.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should cancel it. If you are fine with it we can as well reschedule it to upload soon.

Regards,
Salvatore
diffstat for gimp-3.0.2 gimp-3.0.2 changelog | 7 ++++ patches/plug-ins-ZDI-CAN-26752-mitigation.patch | 37 ++++++++++++++++++++++++ patches/series | 1 3 files changed, 45 insertions(+) diff -Nru gimp-3.0.2/debian/changelog gimp-3.0.2/debian/changelog --- gimp-3.0.2/debian/changelog 2025-05-03 05:01:17.000000000 +0200 +++ gimp-3.0.2/debian/changelog 2025-05-17 14:05:55.000000000 +0200 @@ -1,3 +1,10 @@ +gimp (3.0.2-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * plug-ins: ZDI-CAN-26752 mitigation (Closes: #1105005) + + -- Salvatore Bonaccorso <car...@debian.org> Sat, 17 May 2025 14:05:55 +0200 + gimp (3.0.2-3) unstable; urgency=medium * Team upload diff -Nru gimp-3.0.2/debian/patches/plug-ins-ZDI-CAN-26752-mitigation.patch gimp-3.0.2/debian/patches/plug-ins-ZDI-CAN-26752-mitigation.patch --- gimp-3.0.2/debian/patches/plug-ins-ZDI-CAN-26752-mitigation.patch 1970-01-01 01:00:00.000000000 +0100 +++ gimp-3.0.2/debian/patches/plug-ins-ZDI-CAN-26752-mitigation.patch 2025-05-17 14:04:22.000000000 +0200 
@@ -0,0 +1,37 @@ +From: Alx Sa <cmyk.stud...@gmail.com> +Date: Sat, 3 May 2025 14:13:46 +0000 +Subject: plug-ins: ZDI-CAN-26752 mitigation +Origin: https://gitlab.gnome.org/GNOME/gimp/-/commit/c855d1df60ebaf5ef8d02807d448eb088f147a2b +Bug-Debian: https://bugs.debian.org/1105005 + +Resolves #13910 +Since ICO can store PNGs, it's possible to create an +icon that's much larger than the stated image size and +cause a buffer overflow. +This patch adds a check to make sure the width * height * 4 +calculation does not overflow in addition to making sure it +doesn't exceed the maximum allowed size for that icon. +--- + plug-ins/file-ico/ico-load.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/plug-ins/file-ico/ico-load.c b/plug-ins/file-ico/ico-load.c +index 9a222998bc12..818cf23cd318 100644 +--- a/plug-ins/file-ico/ico-load.c ++++ b/plug-ins/file-ico/ico-load.c +@@ -299,7 +299,11 @@ ico_read_png (FILE *fp, + png_read_info (png_ptr, info); + png_get_IHDR (png_ptr, info, &w, &h, &bit_depth, &color_type, + NULL, NULL, NULL); +- if (w*h*4 > maxsize) ++ /* Check for overflow */ ++ if ((w * h * 4) < w || ++ (w * h * 4) < h || ++ (w * h * 4) < (w * h) || ++ (w * h * 4) > maxsize) + { + png_destroy_read_struct (&png_ptr, &info, NULL); + return FALSE; +-- +2.49.0 + diff -Nru gimp-3.0.2/debian/patches/series gimp-3.0.2/debian/patches/series --- gimp-3.0.2/debian/patches/series 2025-05-03 04:59:17.000000000 +0200 +++ gimp-3.0.2/debian/patches/series 2025-05-17 14:05:19.000000000 +0200 @@ -0,0 +1 @@ +plug-ins-ZDI-CAN-26752-mitigation.patch
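Review bot: in the plug-ins/file-ico/ico-load.c hunk, the three wraparound comparisons added ahead of the maxsize test in ico_read_png() (`(w * h * 4) < w`, `(w * h * 4) < h`, `(w * h * 4) < (w * h)`) are not a sound overflow test for a multiplication. Unlike an addition, a product that wraps in the width of w and h can still come out larger than each operand and below maxsize, so some oversized dimensions can still pass all four conditions. Assuming w and h are the unsigned 32-bit values that png_get_IHDR fills in and maxsize is non-negative (the declarations are outside the visible context), a division-based bound avoids forming the product at all: reject when `h != 0 && w > (maxsize / 4) / h`. Alternatively, do the multiplication in a 64-bit type and compare that result against maxsize. The `/* Check for overflow */` comment could also state which buffer the maxsize bound protects, since the commit message describes the issue as a buffer overflow but the hunk does not show the allocation.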