gimp: patch CVE-2023-44443 and CVE-2023-44444

Details: https://nvd.nist.gov/vuln/detail/CVE-2023-44443 https://nvd.nist.gov/vuln/detail/CVE-2023-44444 The relevant upstream issues: https://gitlab.gnome.org/GNOME/gimp/-/issues/10072 https://gitlab.gnome.org/GNOME/gimp/-/issues/10071 For the backport, upstream has merged the two patches into one, solving both CVEs. That patch is in this change. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-04-02 02:49:12 +00:00 · 2026-03-09 19:21:00 +01:00 · 2026-03-09 19:21:00 +01:00 · 68a9fca0d8
commit 68a9fca0d8
parent 9cc3662bef
2 changed files with 48 additions and 0 deletions
--- a/meta-gnome/recipes-gimp/gimp/gimp/CVE-2023-44443_CVE-2023-44444.patch
+++ b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2023-44443_CVE-2023-44444.patch
@ -0,0 +1,47 @@
+From 8a8c3fe7cdb498d05d8e61e6b0f36d9a314caa62 Mon Sep 17 00:00:00 2001
+From: Alx Sa <cmyk.student@gmail.com>
+Date: Sat, 23 Sep 2023 20:40:18 +0000
+Subject: [PATCH] plug-ins: Fix vulnerabilities in file-psp
+
+Backports commits e1bfd871 and 96f536a3
+from master
+
+CVE: CVE-2023-44443 CVE-2023-44444
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gimp/-/commit/ef12c0a90752a06d4c465a768d052b07f5e8a8a0]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ plug-ins/common/file-psp.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
+index c0f3480..6a6b93d 100644
+--- a/plug-ins/common/file-psp.c
+++ b/plug-ins/common/file-psp.c
+@@ -1128,8 +1128,17 @@ read_color_block (FILE      *f,
+     }
+ 
+   color_palette_entries = GUINT32_FROM_LE (entry_count);
+  /* TODO: GIMP currently only supports a maximum of 256 colors
+   * in an indexed image. If this changes, we can change this check */
+  if (color_palette_entries > 256)
+    {
+      g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                   _("Error: Unsupported palette size"));
+      return -1;
+    }
+
+   /* psp color palette entries are stored as RGBA so 4 bytes per entry
+-     where the fourth bytes is always zero */
+   * where the fourth bytes is always zero */
+   pal_size = color_palette_entries * 4;
+   color_palette = g_malloc (pal_size);
+   if (fread (color_palette, pal_size, 1, f) < 1)
+@@ -1498,7 +1507,7 @@ read_channel_data (FILE        *f,
+         else
+           endq = q + line_width * height;
+ 
+-        buf = g_malloc (127);
+        buf = g_malloc (128);
+         while (q < endq)
+           {
+             fread (&runcount, 1, 1, f);
--- a/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb
+++ b/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb
@ -50,6 +50,7 @@ SRC_URI = "https://download.gimp.org/pub/${BPN}/v${SHPV}/${BP}.tar.bz2 \
           file://CVE-2022-32990-3.patch \
           file://CVE-2023-44441.patch \
           file://CVE-2023-44442.patch \
+           file://CVE-2023-44443_CVE-2023-44444.patch \
           "
 SRC_URI[sha256sum] = "88815daa76ed7d4277eeb353358bafa116cd2fcd2c861d95b95135c1d52b67dc"