File gimp-CVE-2025-10920.patch of Package gimp
From 5f4329d324b0db7a857918941ef7e1d27f3d3992 Mon Sep 17 00:00:00 2001
From: Alx Sa <cmyk.student@gmail.com>
Date: Wed, 3 Sep 2025 13:41:10 +0000
Subject: [PATCH] plug-ins: Fix ZDI-CAN-27684
Prevent overflow attack by checking if
output >= max, not just output > max.
---
plug-ins/file-icns/file-icns-load.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/plug-ins/file-icns/file-icns-load.c b/plug-ins/file-icns/file-icns-load.c
index c8f16fef60..f2298c056e 100644
--- a/plug-ins/file-icns/file-icns-load.c
+++ b/plug-ins/file-icns/file-icns-load.c
@@ -323,7 +323,7 @@ icns_decompress (guchar *dest,
for (run -= 125; run > 0; run--)
{
- if (out > max)
+ if (out >= max)
{
g_message ("Corrupt icon? compressed run overflows output size.");
return FALSE;
@@ -341,7 +341,7 @@ icns_decompress (guchar *dest,
g_message ("Corrupt icon: uncompressed run overflows input size.");
return FALSE;
}
- if (out > max)
+ if (out >= max)
{
g_message ("Corrupt icon: uncompressed run overflows output size.");
return FALSE;
--
2.49.0
