File gimp-CVE-2026-4151.patch of Package gimp
From 09e5459de913172fc51da3bd6b6adc533acd368e Mon Sep 17 00:00:00 2001
From: Alx Sa <cmyk.student@gmail.com>
Date: Thu, 5 Mar 2026 23:58:45 +0000
Subject: [PATCH] plug-ins: Resolve ZDI-CAN-28813 in ANI loading
Resolves #15968
It is possible to cause a buffer overflow in our ANI
loading code by setting the Name or Artist metadata
files to 0xFFFFFFFF. This patch changes our allocation
code to use g_try_new0 () instead of g_new0 (), and
verifies if it is NULL before trying to read data into it.
---
plug-ins/file-ico/ico-load.c | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/plug-ins/file-ico/ico-load.c b/plug-ins/file-ico/ico-load.c
index 29ad4c5eb59..e20d79a713f 100644
--- a/plug-ins/file-ico/ico-load.c
+++ b/plug-ins/file-ico/ico-load.c
@@ -893,7 +893,16 @@ ani_load_image (GFile *file,
if (inam)
g_free (inam);
- inam = g_new0 (gchar, size + 1);
+ inam = g_try_new0 (gchar, size + 1);
+ if (inam == NULL)
+ {
+ fclose (fp);
+ g_set_error (error, G_FILE_ERROR,
+ g_file_error_from_errno (errno),
+ _("Invalid ANI metadata"));
+ return NULL;
+ }
+
n_read = fread (inam, sizeof (gchar), size, fp);
inam[size] = '\0';
}
@@ -924,7 +933,16 @@ ani_load_image (GFile *file,
if (iart)
g_free (iart);
- iart = g_new0 (gchar, size + 1);
+ iart = g_try_new0 (gchar, size + 1);
+ if (iart == NULL)
+ {
+ fclose (fp);
+ g_set_error (error, G_FILE_ERROR,
+ g_file_error_from_errno (errno),
+ _("Invalid ANI metadata"));
+ return NULL;
+ }
+
n_read = fread (iart, sizeof (gchar), size, fp);
iart[size] = '\0';
}
--
GitLab
