|
| 1 | +From 5ce8a23f539fbee27f636a59dba3e40d38c35b07 Mon Sep 17 00:00:00 2001 |
| 2 | +From: Azure Linux Security Servicing Account |
| 3 | + |
| 4 | +Date: Mon, 14 Jul 2025 08:55:30 +0000 |
| 5 | +Subject: [PATCH] Fix CVE CVE-2025-7345 in gdk-pixbuf2 |
| 6 | + |
| 7 | +Upstream Patch Reference: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/217.patch |
| 8 | +--- |
| 9 | + gdk-pixbuf/io-jpeg.c | 8 ++++++-- |
| 10 | + 1 file changed, 6 insertions(+), 2 deletions(-) |
| 11 | + |
| 12 | +diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c |
| 13 | +index f22b507..d43d065 100644 |
| 14 | +--- a/gdk-pixbuf/io-jpeg.c |
| 15 | ++++ b/gdk-pixbuf/io-jpeg.c |
| 16 | +@@ -356,6 +356,7 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma |
| 17 | + context->icc_profile = g_new (gchar, chunk_size); |
| 18 | + /* copy the segment data to the profile space */ |
| 19 | + memcpy (context->icc_profile, marker->data + 14, chunk_size); |
| 20 | ++ ret = TRUE; |
| 21 | + goto out; |
| 22 | + } |
| 23 | + |
| 24 | +@@ -377,12 +378,15 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma |
| 25 | + /* copy the segment data to the profile space */ |
| 26 | + memcpy (context->icc_profile + offset, marker->data + 14, chunk_size); |
| 27 | + |
| 28 | +- /* it's now this big plus the new data we've just copied */ |
| 29 | +- context->icc_profile_size += chunk_size; |
| 30 | ++ context->icc_profile_size = MAX (context->icc_profile_size, offset + chunk_size); |
| 31 | + |
| 32 | + /* success */ |
| 33 | + ret = TRUE; |
| 34 | + out: |
| 35 | ++ if (!ret) { |
| 36 | ++ g_free (context->icc_profile); |
| 37 | ++ context->icc_profile = NULL; |
| 38 | ++ } |
| 39 | + return ret; |
| 40 | + } |
| 41 | + |
| 42 | +-- |
| 43 | +2.45.3 |
| 44 | + |
0 commit comments