1 files changed, 29 insertions, 0 deletions

diff --git a/debian/patches/plug-ins-Fix-vulnerability-in-file-psd.patch b/debian/patches/plug-ins-Fix-vulnerability-in-file-psd.patch
new file mode 100644
index 0000000..a6ba842
--- /dev/null
+++ b/debian/patches/plug-ins-Fix-vulnerability-in-file-psd.patch
@@ -0,0 +1,29 @@
+From: Alx Sa <cmyk.student@gmail.com>
+Date: Fri, 29 Sep 2023 20:39:29 +0000
+Subject: plug-ins: Fix vulnerability in file-psd
+Origin: https://gitlab.gnome.org/GNOME/gimp/-/commit/985c0a20e18b5b3b8a48ee9cb12287b1d5732d3d
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-44442
+Bug-Debian: https://bugs.debian.org/1055984
+
+Resolves #10101.
+This patch adds a missing break statement after an error condition
+is detected to prevent the code from continuing afterwards.
+---
+ plug-ins/file-psd/psd-util.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/plug-ins/file-psd/psd-util.c b/plug-ins/file-psd/psd-util.c
+index 1eccdd640e1c..34b442dc4966 100644
+--- a/plug-ins/file-psd/psd-util.c
++++ b/plug-ins/file-psd/psd-util.c
+@@ -518,6 +518,7 @@ decode_packbits (const gchar *src,
+             {
+               IFDBG(2) g_debug ("Overrun in packbits replicate of %d chars", n - unpack_left);
+               error_code = 2;
++              break;
+             }
+           memset (dst, *src, n);
+           src++;
+-- 
+2.42.0
+