packages/gimp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2023-44442 and CVE-2023-44444

Browse Source
This commit is contained in:
starlet-dx 2023-12-04 17:07:18 +08:00
parent c12db11cff
commit 8876dc7909
3 changed files with 72 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
CVE-2023-44442.patch Normal file
View File

@ -0,0 +1,30 @@
From f131d4feacfd86825d255effd02cde15373e6fc3 Mon Sep 17 00:00:00 2001
From: Alx Sa <cmyk.student@gmail.com>
Date: Fri, 29 Sep 2023 20:39:29 +0000
Subject: plug-ins: Fix vulnerability in file-psd
Resolves #10101.
This patch adds a missing break statement after an error condition
is detected to prevent the code from continuing afterwards.
Origin:
https://gitlab.gnome.org/GNOME/gimp/-/commit/985c0a20e18b5b3b8a48ee9cb12287b1d5732d3d
---
plug-ins/file-psd/psd-util.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/plug-ins/file-psd/psd-util.c b/plug-ins/file-psd/psd-util.c
index f71a57bdd6..4b6507b5de 100644
--- a/plug-ins/file-psd/psd-util.c
+++ b/plug-ins/file-psd/psd-util.c
@@ -519,6 +519,7 @@ decode_packbits (const gchar *src,
{
IFDBG(2) g_debug ("Overrun in packbits replicate of %d chars", n - unpack_left);
error_code = 2;
+ break;
}
dat = *src;
for (; n > 0; --n)
--
2.30.2

34
CVE-2023-44444.patch Normal file
View File

@ -0,0 +1,34 @@
From 5203f996b5eb018fd08e8e99e42b28f42ef27533 Mon Sep 17 00:00:00 2001
From: Alx Sa <cmyk.student@gmail.com>
Date: Sat, 23 Sep 2023 02:16:24 +0000
Subject: plug-ins: Fix PSP vulnerability (ZDI-CAN-22097)
Resolves #10071.
When reading RLE compressed data, a buffer was allocated to 127 bytes.
However, it can potentially be used to read 128 bytes, leading to a
off-by-one vulnerability. This patch allocates 128 bytes to the buffer
to prevent this from occurring.
Origin:
https://gitlab.gnome.org/GNOME/gimp/-/commit/e1bfd87195e4fe60a92df70cde65464d032dd3c1
---
plug-ins/common/file-psp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
index 33c6a2b607..f3aa00fdc0 100644
--- a/plug-ins/common/file-psp.c
+++ b/plug-ins/common/file-psp.c
@@ -1235,7 +1235,7 @@ read_channel_data (FILE *f,
q = pixels[0] + offset;
endq = q + npixels * bytespp;
- buf = g_malloc (127);
+ buf = g_malloc (128);
while (q < endq)
{
fread (&runcount, 1, 1, f);
--
2.30.2

9
gimp.spec
View File

@ -1,6 +1,6 @@
Name: gimp Name: gimp
Version: 2.10.6 Version: 2.10.6
Release: 9 Release: 10
Epoch: 2 Epoch: 2
Summary: A versatile graphics manipulation package Summary: A versatile graphics manipulation package
License: GPLv3+ and GPLv3 License: GPLv3+ and GPLv3
@ -9,6 +9,10 @@ URL: http://www.gimp.org/
Source0: http://download.gimp.org/pub/gimp/v2.10/gimp-2.10.6.tar.bz2 Source0: http://download.gimp.org/pub/gimp/v2.10/gimp-2.10.6.tar.bz2
Patch6000: backport-CVE-2018-12713.patch Patch6000: backport-CVE-2018-12713.patch
Patch6001: CVE-2021-45463.patch Patch6001: CVE-2021-45463.patch
# https://gitlab.gnome.org/GNOME/gimp/-/commit/985c0a20e18b5b3b8a48ee9cb12287b1d5732d3d
Patch6002: CVE-2023-44442.patch
# https://gitlab.gnome.org/GNOME/gimp/-/commit/e1bfd87195e4fe60a92df70cde65464d032dd3c1
Patch6003: CVE-2023-44444.patch
%global apiversion 2.0 %global apiversion 2.0
%global textversion 20 %global textversion 20
@ -255,6 +259,9 @@ make check %{?_smp_mflags}
%{_mandir}/man*/* %{_mandir}/man*/*
%changelog %changelog
* Mon Dec 04 2023 yaoxin <yao_xin001@hoperun.com> - 2:2.10.6-10
- Fix CVE-2023-44442 and CVE-2023-44444
* Fri Jan 07 2022 yaoxin <yaoxin30@huawei.com> - 2:2.10.6-9 * Fri Jan 07 2022 yaoxin <yaoxin30@huawei.com> - 2:2.10.6-9
- Fix CVE-2021-45463 - Fix CVE-2021-45463