File gimp-CVE-2025-10925.patch of Package gimp
From 002b22c15028b18557bd0823a081af9ed5316679 Mon Sep 17 00:00:00 2001
From: Alx Sa <cmyk.student@gmail.com>
Date: Thu, 4 Sep 2025 04:45:43 +0000
Subject: [PATCH] plug-ins: Fix ZDI-CAN-27793
GIMP ILBM File Parsing Stack-based Buffer Overflow
Remote Code Execution Vulnerability
Adds a check to file-iff.c to ensure the palette_size is
between 0 and 256.
---
plug-ins/common/file-iff.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/plug-ins/common/file-iff.c b/plug-ins/common/file-iff.c
index 6c1418950d..d144a96a4c 100644
--- a/plug-ins/common/file-iff.c
+++ b/plug-ins/common/file-iff.c
@@ -328,7 +328,9 @@ load_image (GFile *file,
bitMapHeader = true_image->bitMapHeader;
if (! bitMapHeader || ! true_image->body)
{
- g_message (_("ILBM contains no image data - likely a palette file"));
+ g_set_error (error, G_FILE_ERROR, g_file_error_from_errno (errno),
+ _("ILBM contains no image data - likely a palette "
+ "file"));
return NULL;
}
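Review bot: `g_file_error_from_errno (errno)` in the new `g_set_error` call takes the error code from whatever errno currently holds, but this branch is reached because the parsed file has no bitmap header or body, not because a system call failed. The code reported to the caller is therefore stale or arbitrary, which could lead error handling that inspects it to misclassify a malformed file. A fixed code fits better here: `g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _("ILBM contains no image data - likely a palette file"));`. The same applies to the `Invalid ILBM colormap size` error added in the second hunk. load_image starts and ends outside this hunk, so it is not visible whether the early `return NULL` releases the already-parsed image data.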
@@ -355,6 +357,13 @@ load_image (GFile *file,
{
palette_size = colorMap->colorRegisterLength;
+ if (palette_size < 0 || palette_size > 256)
+ {
+ g_set_error (error, G_FILE_ERROR, g_file_error_from_errno (errno),
+ _("Invalid ILBM colormap size"));
+ return NULL;
+ }
+
for (gint j = 0; j < palette_size; j++)
{
gimp_cmap[j * 3] = colorMap->colorRegister[j].red;
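Review bot: The upper bound `256` in `palette_size > 256` is a bare literal that has to match the capacity of `gimp_cmap`, whose declaration is outside this hunk, so nothing ties the guard to the buffer it protects. If `gimp_cmap` is a real array in scope (not a pointer), deriving the limit from it keeps the check correct should the buffer ever be resized: `if (palette_size < 0 || palette_size > (gint) (G_N_ELEMENTS (gimp_cmap) / 3))`. A short comment above the check, such as `/* colorRegisterLength is read from the file and is untrusted; it must not exceed the gimp_cmap capacity */`, would record why the bound exists. The loop and the rest of load_image continue past the end of the hunk.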
--
2.49.0