File gimp-CVE-2026-2045.patch of Package gimp

From bb896f67942557658b3fbfc67a1c073775c002c7 Mon Sep 17 00:00:00 2001
From: Jacob Boerema <jgboerema@gmail.com>
Date: Thu, 15 Jan 2026 10:12:07 -0500
Subject: [PATCH] plug-ins: fix #15293 security issue ZDI-CAN-28265

Just like we did in commit 4eb106f2bff2d9b8e518aa455a884c6f38d70c6a,
we need to make sure that the offset in the colormap is valid before
using it to compute the RGB values.

(cherry picked from commit 68b27dfb1cbd9b3f22d7fa624dbab8647ee5f275)
---
 plug-ins/common/file-xwd.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/plug-ins/common/file-xwd.c b/plug-ins/common/file-xwd.c
index 77d9ea5d9f..a016c55cd8 100644
--- a/plug-ins/common/file-xwd.c
+++ b/plug-ins/common/file-xwd.c
@@ -1712,7 +1712,15 @@ load_xwd_f2_d16_b16 (GFile           *file,
 
   for (j = 0; j < ncols; j++)
     {
-      cm = ColorMap + xwdcolmap[j].l_pixel * 3;
+      goffset offset = xwdcolmap[j].l_pixel * 3;
+
+      if (offset+2 >= maxval)
+        {
+          g_set_error (error, GIMP_PLUG_IN_ERROR, 0,
+                        _("Invalid colormap offset. Possibly corrupt image."));
+          return NULL;
+        }
+      cm = ColorMap + offset;
       *(cm++) = (xwdcolmap[j].l_red >> 8);
       *(cm++) = (xwdcolmap[j].l_green >> 8);
       *cm = (xwdcolmap[j].l_blue >> 8);
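Review bot: The check at `if (offset+2 >= maxval)` tests the product `xwdcolmap[j].l_pixel * 3`, which is evaluated in the type of `l_pixel` before it is widened to `goffset`. If that field is a 32-bit unsigned type on some platform (its declaration is outside the hunk), a large pixel value from the file wraps to a small offset and is accepted instead of being rejected as corrupt. The write stays in range either way, but widening first removes the ambiguity: `goffset offset = (goffset) xwdcolmap[j].l_pixel * 3;`. The new `return NULL;` also leaves the loop with no cleanup, so if `ColorMap` or other buffers are heap-allocated earlier in `load_xwd_f2_d16_b16` (the function starts and ends outside this hunk), they should be freed on this path. A one-line comment stating how `maxval` relates to the size of `ColorMap` would make the `+2` easier to verify.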
-- 
2.53.0
