diff --git a/SPECS/gdk-pixbuf2/CVE-2025-7345.patch b/SPECS/gdk-pixbuf2/CVE-2025-7345.patch
index ec49921a420..9ae98f2abca 100644
--- a/SPECS/gdk-pixbuf2/CVE-2025-7345.patch
+++ b/SPECS/gdk-pixbuf2/CVE-2025-7345.patch
@@ -1,44 +1,49 @@
-From 5ce8a23f539fbee27f636a59dba3e40d38c35b07 Mon Sep 17 00:00:00 2001
+From 9bb5ff1441965feace7451482dc5576a6a2dff24 Mon Sep 17 00:00:00 2001
 From: Azure Linux Security Servicing Account
-Date: Mon, 14 Jul 2025 08:55:30 +0000
+Date: Tue, 15 Jul 2025 16:46:01 +0000
 Subject: [PATCH] Fix CVE CVE-2025-7345 in gdk-pixbuf2
 Upstream Patch Reference: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/217.patch
 ---
- gdk-pixbuf/io-jpeg.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
+ gdk-pixbuf/io-jpeg.c.rej | 28 ++++++++++++++++++++++++++++
+ 1 file changed, 28 insertions(+)
+ create mode 100644 gdk-pixbuf/io-jpeg.c.rej
-diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c
-index f22b507..d43d065 100644
---- a/gdk-pixbuf/io-jpeg.c
-+++ b/gdk-pixbuf/io-jpeg.c
-@@ -356,6 +356,7 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma
- context->icc_profile = g_new (gchar, chunk_size);
- /* copy the segment data to the profile space */
- memcpy (context->icc_profile, marker->data + 14, chunk_size);
-+ ret = TRUE;
- goto out;
- }
-
-@@ -377,12 +378,15 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma
- /* copy the segment data to the profile space */
- memcpy (context->icc_profile + offset, marker->data + 14, chunk_size);
-
-- /* it's now this big plus the new data we've just copied */
-- context->icc_profile_size += chunk_size;
-+ context->icc_profile_size = MAX (context->icc_profile_size, offset + chunk_size);
-
- /* success */
- ret = TRUE;
- out:
-+ if (!ret) {
-+ g_free (context->icc_profile);
-+ context->icc_profile = NULL;
-+ }
- return ret;
- }
-
+diff --git a/gdk-pixbuf/io-jpeg.c.rej b/gdk-pixbuf/io-jpeg.c.rej
+new file mode 100644
+index 0000000..40164af
+--- /dev/null
++++ b/gdk-pixbuf/io-jpeg.c.rej
+@@ -0,0 +1,28 @@
++--- io-jpeg.c
+++++ io-jpeg.c
++@@ -359,6 +359,7 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma
++ context->icc_profile = g_new (gchar, chunk_size);
++ /* copy the segment data to the profile space */
++ memcpy (context->icc_profile, marker->data + 14, chunk_size);
+++ ret = TRUE;
++ goto out;
++ }
++
++@@ -380,12 +381,15 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma
++ /* copy the segment data to the profile space */
++ memcpy (context->icc_profile + offset, marker->data + 14, chunk_size);
++
++- /* it's now this big plus the new data we've just copied */
++- context->icc_profile_size += chunk_size;
+++ context->icc_profile_size = MAX (context->icc_profile_size, offset + chunk_size);
++
++ /* success */
++ ret = TRUE;
++ out:
+++ if (!ret) {
+++ g_free (context->icc_profile);
+++ context->icc_profile = NULL;
+++ }
++ return ret;
++ }
++
 --
 2.45.3
diff --git a/SPECS/gdk-pixbuf2/gdk-pixbuf2.spec b/SPECS/gdk-pixbuf2/gdk-pixbuf2.spec
index 1094a6ba604..2f235ff1981 100644
--- a/SPECS/gdk-pixbuf2/gdk-pixbuf2.spec
+++ b/SPECS/gdk-pixbuf2/gdk-pixbuf2.spec
@@ -2,7 +2,7 @@
 Summary: An image loading library
 Name: gdk-pixbuf2
 Version: 2.40.0
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: LGPLv2+
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -11,6 +11,7 @@ Source0: https://download.gnome.org/sources/gdk-pixbuf/2.40/gdk-pixbuf-%{
 Patch0: CVE-2022-48622.patch
 Patch1: CVE-2025-6199.patch
 Patch2: CVE-2025-7345.patch
+Patch3: CVE-2025-7345.patch
 BuildRequires: gettext
 BuildRequires: gtk-doc
 BuildRequires: jasper-devel
@@ -119,6 +120,9 @@ gdk-pixbuf-query-loaders-%{__isa_bits} --update-cache
 %{_datadir}/installed-tests
 %changelog
+* Tue Jul 15 2025 Azure Linux Security Servicing Account - 2.40.0-9
+- Patch for CVE-2025-7345
+
 * Mon Jul 14 2025 Azure Linux Security Servicing Account - 2.40.0-8
 - Patch for CVE-2025-7345
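Review bot: The replacement patch no longer modifies `gdk-pixbuf/io-jpeg.c` at all. Its diffstat and body now only create `gdk-pixbuf/io-jpeg.c.rej`, so the three changes to `jpeg_parse_exif_app2_segment` (`ret = TRUE;` before the first `goto out`, `icc_profile_size = MAX (context->icc_profile_size, offset + chunk_size)`, and the `g_free`/`NULL` reset under `out:`) survive only as text inside a reject file. Because this overwrites the file that `Patch2` already points at, the 2.40.0-9 build appears to drop the working fix shipped in 2.40.0-8 while the changelog still reports CVE-2025-7345 as patched. The rejects presumably came from re-applying the upstream merge request to a tree that already carried the fix, so restore the previous patch content (diffstat `gdk-pixbuf/io-jpeg.c | 8 ++++++--`) instead of committing the `.rej`. A servicing-pipeline check that refuses any generated patch whose file list contains `*.rej` or `*.orig` would catch this class of error.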
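Review bot: `Patch3: CVE-2025-7345.patch` names the same file as `Patch2`, so the spec now lists one patch twice. The %prep section is not visible in this hunk, but a second application of the same file would be expected to fail or prompt on the already-created `io-jpeg.c.rej` rather than add any fix. Drop the `Patch3` line; if no source change is intended, the `Release: 9%{?dist}` bump and the duplicate `- Patch for CVE-2025-7345` changelog entry in the other two hunks should go with it. If a second, distinct fix is intended, give it its own file name so the two patches can be audited separately.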