Control: tags 1119661 + patch
Control: tags 1119661 + pending

Dear maintainer,

I've prepared an NMU for gimp (versioned as 3.0.4-6.2) and uploaded it to DELAYED/2. Please feel free to tell me if I should cancel it.

Regards,
Salvatore

diffstat for gimp-3.0.4 gimp-3.0.4 changelog | 7 ++++ patches/plug-ins-fix-ZDI-CAN-27823.patch | 50 +++++++++++++++++++++++++++++++ patches/series | 1 3 files changed, 58 insertions(+) diff -Nru gimp-3.0.4/debian/changelog gimp-3.0.4/debian/changelog --- gimp-3.0.4/debian/changelog 2025-09-29 20:57:32.000000000 +0200 +++ gimp-3.0.4/debian/changelog 2025-10-30 21:13:18.000000000 +0100 @@ -1,3 +1,10 @@ +gimp (3.0.4-6.2) unstable; urgency=medium + + * Non-maintainer upload. + * plug-ins: fix ZDI-CAN-27823 (CVE-2025-10934) (Closes: #1119661) + + -- Salvatore Bonaccorso <[email protected]> Thu, 30 Oct 2025 21:13:18 +0100 + gimp (3.0.4-6.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru gimp-3.0.4/debian/patches/plug-ins-fix-ZDI-CAN-27823.patch gimp-3.0.4/debian/patches/plug-ins-fix-ZDI-CAN-27823.patch --- gimp-3.0.4/debian/patches/plug-ins-fix-ZDI-CAN-27823.patch 1970-01-01 01:00:00.000000000 +0100 +++ gimp-3.0.4/debian/patches/plug-ins-fix-ZDI-CAN-27823.patch 2025-10-30 21:12:37.000000000 +0100 
@@ -0,0 +1,50 @@ +From: Jacob Boerema <[email protected]> +Date: Wed, 3 Sep 2025 18:37:26 -0400 +Subject: plug-ins: fix ZDI-CAN-27823 +Origin: https://gitlab.gnome.org/GNOME/gimp/-/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7c +Bug: https://gitlab.gnome.org/GNOME/gimp/-/issues/14814 +Bug-Debian: https://bugs.debian.org/1119661 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025-10934 + +GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution +Vulnerability. + +Check offset in colormap is valid before writing to it. + +Closes #14814 + +(cherry picked from commit 4eb106f2bff2d9b8e518aa455a884c6f38d70c6a) +--- + plug-ins/common/file-xwd.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/plug-ins/common/file-xwd.c b/plug-ins/common/file-xwd.c +index 8d013397be69..c4c41e5bea7e 100644 +--- a/plug-ins/common/file-xwd.c ++++ b/plug-ins/common/file-xwd.c +@@ -1683,9 +1683,20 @@ load_xwd_f2_d16_b16 (GFile *file, + greenval = (green * 255) / maxgreen; + for (blue = 0; blue <= maxblue; blue++) + { ++ guint32 offset = ((red << redshift) + (green << greenshift) + ++ (blue << blueshift)) * 3; ++ ++ if (offset+2 >= maxval) ++ { ++ g_set_error (error, GIMP_PLUG_IN_ERROR, 0, ++ _("Invalid colormap offset. Possibly corrupt image.")); ++ g_free (data); ++ g_free (ColorMap); ++ g_object_unref (buffer); ++ return NULL; ++ } + blueval = (blue * 255) / maxblue; +- cm = ColorMap + ((red << redshift) + (green << greenshift) +- + (blue << blueshift)) * 3; ++ cm = ColorMap + offset; + *(cm++) = redval; + *(cm++) = greenval; + *cm = blueval; +-- +2.51.0 + diff -Nru gimp-3.0.4/debian/patches/series gimp-3.0.4/debian/patches/series --- gimp-3.0.4/debian/patches/series 2025-09-29 20:56:26.000000000 +0200 +++ gimp-3.0.4/debian/patches/series 2025-10-30 21:12:43.000000000 +0100 
@@ -4,3 +4,4 @@ plug-ins-fix-dicom-plug-in-ZDI-CAN-27863.patch plug-ins-fix-ZDI-CAN-27878.patch plug-ins-Fix-ZDI-CAN-27836.patch +plug-ins-fix-ZDI-CAN-27823.patch
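
Review bot: in the plug-ins/common/file-xwd.c hunk (load_xwd_f2_d16_b16), the new `offset` is summed and multiplied by 3 in a `guint32` before the `offset+2 >= maxval` test, so the bound only holds if that arithmetic cannot wrap. The declarations of `red`, `green`, `blue` and the shift variables are outside the visible lines, so it is worth confirming their ranges, or doing the sum in a wider type (for example `guint64`) and comparing before narrowing. The test also depends on `maxval` being the size in bytes of the `ColorMap` allocation, which the hunk does not show; a short comment stating that would let the check be verified locally. Minor style: `offset+2` would read `offset + 2` to match the spacing of the surrounding expressions.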

