pool/gimp
SHA256
19
0
Fork 4
Code Issues Pull Requests 1 Activity

Add gimp-CVE-2026-2239.patch (bsc#1257959) #8

Manually merged
mgorse merged 1 commits from mgorse/gimp:leap-16.0 into leap-16.0 2026-02-25 11:28:25 +01:00
Conversation 10 Commits 1 Files Changed 3 +45
3 changed files with 45 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
gimp-CVE-2026-2239.patch Normal file
View File

@@ -0,0 +1,37 @@
From 8cf2772f5631719ae0e4e701bd7ef793b1f59cfa Mon Sep 17 00:00:00 2001
From: Jacob Boerema <jgboerema@gmail.com>
Date: Fri, 6 Feb 2026 15:56:07 -0500
Subject: [PATCH] plug-ins: fix #15812 PSD loader: heap-buffer-overflow ...
in fread_pascal_string
In plug-ins/file-psd/psd-util.c, the function fread_pascal_string()
allocates a buffer with g_malloc(len) and reads len bytes from the file
into it. The buffer is not null-terminated, but is assumed to be in
later code.
This causes it to read past the end of its allocated region with a
specially crafted PSD, causing a heap-buffer-overflow.
Fix this by alloocating one more byte than its length and set that
to '\0'.
---
plug-ins/file-psd/psd-util.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/plug-ins/file-psd/psd-util.c b/plug-ins/file-psd/psd-util.c
index e0cca2b4db..734155c57a 100644
--- a/plug-ins/file-psd/psd-util.c
+++ b/plug-ins/file-psd/psd-util.c
@@ -274,7 +274,8 @@ fread_pascal_string (gint32 *bytes_read,
return NULL;
}
- str = g_malloc (len);
+ str = g_malloc (len + 1);
+ str[len] = '\0';
if (psd_read (input, str, len, error) < len)
{
psd_set_error (error);
--
2.53.0

6
gimp.changes
View File

@@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Feb 11 15:32:17 UTC 2026 - Michael Gorse <mgorse@suse.com>
- Add gimp-CVE-2026-2239.patch: fix a heap buffer overflow in
psd-util.c (bsc#1257959 CVE-2026-2239 glgo#GNOME/gimp#15812).
-------------------------------------------------------------------
Sun Jan 25 03:00:53 UTC 2026 - Marcus Rueckert <mrueckert@suse.de>

2
gimp.spec
View File

@@ -100,6 +100,8 @@ Source2: openSUSE.gpl
Patch1: gimp-2.99.19-cm-system-monitor-profile-by-default.patch
Patch2: gimp-2.99.19-external-help-browser.patch
Patch3: gimp-2.99.19-no-phone-home-default.patch
# PATCH-FIX-UPSTREAM gimp-2026-2239.patch bsc#1257959 mgorse@suse.com -- fix heap buffer overflow in psd-util.c.
Patch4: gimp-CVE-2026-2239.patch
%if %{with debug_in_build_gimp}
BuildRequires: gdb
%endif