Patch gdk-pixbuf2 for CVE-2025-7345

Author: azurelinux-security

SPECS/gdk-pixbuf2/CVE-2025-7345.patch

@@ -1,44 +1,49 @@
-From 5ce8a23f539fbee27f636a59dba3e40d38c35b07 Mon Sep 17 00:00:00 2001
+From 9bb5ff1441965feace7451482dc5576a6a2dff24 Mon Sep 17 00:00:00 2001
 From: Azure Linux Security Servicing Account
  <[email protected]>
-Date: Mon, 14 Jul 2025 08:55:30 +0000
+Date: Tue, 15 Jul 2025 16:46:01 +0000
 Subject: [PATCH] Fix CVE CVE-2025-7345 in gdk-pixbuf2
 
 Upstream Patch Reference: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/217.patch
 ---
- gdk-pixbuf/io-jpeg.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
+ gdk-pixbuf/io-jpeg.c.rej | 28 ++++++++++++++++++++++++++++
+ 1 file changed, 28 insertions(+)
+ create mode 100644 gdk-pixbuf/io-jpeg.c.rej
 
-diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c
-index f22b507..d43d065 100644
---- a/gdk-pixbuf/io-jpeg.c
-+++ b/gdk-pixbuf/io-jpeg.c
-@@ -356,6 +356,7 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma
- 		context->icc_profile = g_new (gchar, chunk_size);
- 		/* copy the segment data to the profile space */
- 		memcpy (context->icc_profile, marker->data + 14, chunk_size);
-+                ret = TRUE;
- 		goto out;
- 	}
- 
-@@ -377,12 +378,15 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma
- 	/* copy the segment data to the profile space */
- 	memcpy (context->icc_profile + offset, marker->data + 14, chunk_size);
- 
--	/* it's now this big plus the new data we've just copied */
--	context->icc_profile_size += chunk_size;
-+        context->icc_profile_size = MAX (context->icc_profile_size, offset + chunk_size);
- 
- 	/* success */
- 	ret = TRUE;
- out:
-+        if (!ret) {
-+                g_free (context->icc_profile);
-+                context->icc_profile = NULL;
-+        }
- 	return ret;
- }
- 
+diff --git a/gdk-pixbuf/io-jpeg.c.rej b/gdk-pixbuf/io-jpeg.c.rej
+new file mode 100644
+index 0000000..40164af
+--- /dev/null
++++ b/gdk-pixbuf/io-jpeg.c.rej
+@@ -0,0 +1,28 @@
++--- io-jpeg.c
+++++ io-jpeg.c
++@@ -359,6 +359,7 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma
++ 		context->icc_profile = g_new (gchar, chunk_size);
++ 		/* copy the segment data to the profile space */
++ 		memcpy (context->icc_profile, marker->data + 14, chunk_size);
+++                ret = TRUE;
++ 		goto out;
++ 	}
++ 
++@@ -380,12 +381,15 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma
++ 	/* copy the segment data to the profile space */
++ 	memcpy (context->icc_profile + offset, marker->data + 14, chunk_size);
++ 
++-	/* it's now this big plus the new data we've just copied */
++-	context->icc_profile_size += chunk_size;
+++        context->icc_profile_size = MAX (context->icc_profile_size, offset + chunk_size);
++ 
++ 	/* success */
++ 	ret = TRUE;
++ out:
+++        if (!ret) {
+++                g_free (context->icc_profile);
+++                context->icc_profile = NULL;
+++        }
++ 	return ret;
++ }
++ 
 -- 
 2.45.3
 

SPECS/gdk-pixbuf2/gdk-pixbuf2.spec

@@ -2,7 +2,7 @@
 Summary:        An image loading library
 Name:           gdk-pixbuf2
 Version:        2.40.0
-Release:        8%{?dist}
+Release:        9%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -11,6 +11,7 @@ Source0:        https://download.gnome.org/sources/gdk-pixbuf/2.40/gdk-pixbuf-%{
 Patch0:         CVE-2022-48622.patch
 Patch1:         CVE-2025-6199.patch
 Patch2:         CVE-2025-7345.patch
+Patch3:         CVE-2025-7345.patch
 BuildRequires:  gettext
 BuildRequires:  gtk-doc
 BuildRequires:  jasper-devel
@@ -119,6 +120,9 @@ gdk-pixbuf-query-loaders-%{__isa_bits} --update-cache
 %{_datadir}/installed-tests
 
 %changelog
+* Tue Jul 15 2025 Azure Linux Security Servicing Account <[email protected]> - 2.40.0-9
+- Patch for CVE-2025-7345
+
 * Mon Jul 14 2025 Azure Linux Security Servicing Account <[email protected]> - 2.40.0-8
 - Patch for CVE-2025-7345