Overview

File gimp-CVE-2025-2761.patch of Package gimp.39680

From 0806bc76ca74543d20e1307ccf6aebd26395c56c Mon Sep 17 00:00:00 2001
From: Alx Sa <cmyk.student@gmail.com>
Date: Mon, 10 Mar 2025 04:07:44 +0000
Subject: [PATCH] plug-ins: Fix ZDI-CAN-25100 for FLI plug-in

Resolves #13073
This patch adds a check to make sure we're not
writing beyond the bounds of the "pos" array.
This is the same check that we do earlier when
writing pos[xc++], but it was left off of the last
write command. Since "n" will be 0 if we get to the
end of the array, it prevents us from writing beyond
that.
---
 plug-ins/file-fli/fli.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: gimp-2.10.30/plug-ins/file-fli/fli.c
===================================================================
--- gimp-2.10.30.orig/plug-ins/file-fli/fli.c
+++ gimp-2.10.30/plug-ins/file-fli/fli.c
@@ -1026,7 +1026,7 @@ fli_read_lc_2 (FILE          *f,
               xc += len << 1;
             }
         }
-      if (lpf)
+      if (lpf && xc < n)
         pos[xc] = lpn;
       yc++;
     }
openSUSE Build Service is sponsored by
Places