Overview

File gimp-CVE-2025-14424.patch of Package gimp

From 5cc55d078b7fba995cef77d195fac325ee288ddd Mon Sep 17 00:00:00 2001
From: Jacob Boerema <jgboerema@gmail.com>
Date: Thu, 13 Nov 2025 18:26:51 -0500
Subject: [PATCH] app: fix #15288 crash when loading malformed xcf

ZDI-CAN-28376 vulnerability

Add extra tests to not crash on a NULL g_class.
---
 app/core/gimpitemlist.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/core/gimpitemlist.c b/app/core/gimpitemlist.c
index 93dfc83427..5aeb4916d8 100644
--- a/app/core/gimpitemlist.c
+++ b/app/core/gimpitemlist.c
@@ -345,7 +345,10 @@ gimp_item_list_named_new (GimpImage   *image,
   g_return_val_if_fail (GIMP_IS_IMAGE (image), NULL);
 
   for (iter = items; iter; iter = iter->next)
-    g_return_val_if_fail (g_type_is_a (G_OBJECT_TYPE (iter->data), item_type), NULL);
+    {
+      g_return_val_if_fail (iter->data && ((GTypeInstance*) (iter->data))->g_class, NULL);
+      g_return_val_if_fail (g_type_is_a (G_OBJECT_TYPE (iter->data), item_type), NULL);
+    }
 
   if (! items)
     {
-- 
2.52.0
openSUSE Build Service is sponsored by
Places