Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15059
Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../gimp/gimp/CVE-2025-15059.patch | 33 +++++++++++++++++++ meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb | 3 +- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-15059.patch diff --git a/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-15059.patch b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-15059.patch new file mode 100644 index 0000000000..f6a098e78d --- /dev/null +++ b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-15059.patch @@ -0,0 +1,33 @@ +From 5c9b71cf1ba8806ace50ab20e074cf850c7c02c4 Mon Sep 17 00:00:00 2001 +From: Jacob Boerema <[email protected]> +Date: Sat, 20 Dec 2025 10:10:48 -0500 +Subject: [PATCH] plug-ins: fix #15284 ZDI-CAN-28232 vulnerability in file-psp + +We were not checking whether channel types were valid for grayscale +images. Using a blue color channel caused an invalid computation of +the offset which could cause us to access an invalid memory location. + +Now we separate RGB from non-RGB images when checking which channels +are valid, and if not return with an error. + +CVE: CVE-2025-15059 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gimp/-/commit/03575ac8cbb0ef3103b0a15d6598475088dcc15e] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + plug-ins/common/file-psp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c +index 6a6b93d..bcad357 100644 +--- a/plug-ins/common/file-psp.c ++++ b/plug-ins/common/file-psp.c +@@ -2020,7 +2020,8 @@ read_layer_block (FILE *f, + } + else + { +- if (channel_type > PSP_CHANNEL_BLUE) ++ if ((ia->base_type == GIMP_RGB && channel_type > PSP_CHANNEL_BLUE) || ++ (ia->base_type != GIMP_RGB && channel_type >= PSP_CHANNEL_RED)) + { + g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, + _("Invalid channel type %d in channel information chunk"), diff --git a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb index dd3a1e3e1b..95a6dfd7c8 100644 --- a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb +++ b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb @@ -50,7 +50,8 @@ SRC_URI = "https://download.gimp.org/pub/${BPN}/v${SHPV}/${BP}.tar.bz2 \ file://CVE-2025-14422.patch \ file://CVE-2025-14425.patch \ file://CVE-2025-5473.patch \ -" + file://CVE-2025-15059.patch \ + " SRC_URI[sha256sum] = "50a845eec11c8831fe8661707950f5b8446e35f30edfb9acf98f85c1133f856e" EXTRA_OECONF = "--disable-python \
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124858): https://lists.openembedded.org/g/openembedded-devel/message/124858 Mute This Topic: https://lists.openembedded.org/mt/118140408/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
