File gimp-CVE-2025-15059.patch of Package gimp

From 03575ac8cbb0ef3103b0a15d6598475088dcc15e Mon Sep 17 00:00:00 2001
From: Jacob Boerema <jgboerema@gmail.com>
Date: Sat, 20 Dec 2025 10:10:48 -0500
Subject: [PATCH] plug-ins: fix #15284 ZDI-CAN-28232 vulnerability in file-psp

We were not checking whether channel types were valid for grayscale
images. Using a blue color channel caused an invalid computation of
the offset which could cause us to access an invalid memory location.

Now we separate RGB from non-RGB images when checking which channels
are valid, and if not return with an error.
---
 plug-ins/common/file-psp.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
index f00251c573..3f6970561f 100644
--- a/plug-ins/common/file-psp.c
+++ b/plug-ins/common/file-psp.c
@@ -2171,11 +2171,12 @@ read_layer_block (FILE      *f,
                 }
               else
                 {
-                  if (channel_type > PSP_CHANNEL_BLUE)
+                  if ((ia->base_type == GIMP_RGB && channel_type > PSP_CHANNEL_BLUE) ||
+                      (ia->base_type != GIMP_RGB && channel_type >= PSP_CHANNEL_RED))
                     {
                       g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-                                  _("Invalid channel type %d in channel information chunk"),
-                                  channel_type);
+                                   _("Invalid channel type %d in channel information chunk"),
+                                   channel_type);
                       return NULL;
                     }
 
-- 
2.51.0