Package: gimp / 2.10.34-1+deb12u3

CVE-2025-2761.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
From 0806bc76ca74543d20e1307ccf6aebd26395c56c Mon Sep 17 00:00:00 2001
From: Alx Sa <cmyk.student@gmail.com>
Date: Mon, 10 Mar 2025 04:07:44 +0000
Subject: [PATCH] plug-ins: Fix ZDI-CAN-25100 for FLI plug-in

Resolves #13073
This patch adds a check to make sure we're not
writing beyond the bounds of the "pos" array.
This is the same check that we do earlier when
writing pos[xc++], but it was left off of the last
write command. Since "n" will be 0 if we get to the
end of the array, it prevents us from writing beyond
that.
---
 plug-ins/file-fli/fli.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plug-ins/file-fli/fli.c b/plug-ins/file-fli/fli.c
index 85dcc994395..1aba31e8f90 100644
--- a/plug-ins/file-fli/fli.c
+++ b/plug-ins/file-fli/fli.c
@@ -1529,7 +1529,7 @@ fli_read_lc_2 (FILE          *f,
               xc += len << 1;
             }
         }
-      if (lpf)
+      if (lpf && xc < n)
         pos[xc] = lpn;
       yc++;
     }
-- 
GitLab