From: Alx Sa Date: Fri, 29 Sep 2023 20:39:29 +0000 Subject: plug-ins: Fix vulnerability in file-psd Origin: https://gitlab.gnome.org/GNOME/gimp/-/commit/985c0a20e18b5b3b8a48ee9cb12287b1d5732d3d Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-44442 Bug-Debian: https://bugs.debian.org/1055984 Resolves #10101. This patch adds a missing break statement after an error condition is detected to prevent the code from continuing afterwards. --- plug-ins/file-psd/psd-util.c | 1 + 1 file changed, 1 insertion(+) diff --git a/plug-ins/file-psd/psd-util.c b/plug-ins/file-psd/psd-util.c index 1eccdd640e1c..34b442dc4966 100644 --- a/plug-ins/file-psd/psd-util.c +++ b/plug-ins/file-psd/psd-util.c @@ -518,6 +518,7 @@ decode_packbits (const gchar *src, { IFDBG(2) g_debug ("Overrun in packbits replicate of %d chars", n - unpack_left); error_code = 2; + break; } memset (dst, *src, n); src++; -- 2.42.0