path: root/debian/patches/plug-ins-Fix-vulnerabilities-in-file-psp.patch
blob: 3f32a2885b8e68e896fc484c44518baac42a903d (plain)
From: Alx Sa <cmyk.student@gmail.com>
Date: Sat, 23 Sep 2023 20:40:18 +0000
Subject: plug-ins: Fix vulnerabilities in file-psp
Origin: https://gitlab.gnome.org/GNOME/gimp/-/commit/ef12c0a90752a06d4c465a768d052b07f5e8a8a0
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-44444
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-44443
Bug-Debian: https://bugs.debian.org/1055984

Backports commits e1bfd871 and 96f536a3
from master
---
 plug-ins/common/file-psp.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
index c0f3480641c2..6a6b93d0cde7 100644
--- a/plug-ins/common/file-psp.c
+++ b/plug-ins/common/file-psp.c
@@ -1128,8 +1128,17 @@ read_color_block (FILE      *f,
     }
 
   color_palette_entries = GUINT32_FROM_LE (entry_count);
+  /* TODO: GIMP currently only supports a maximum of 256 colors
+   * in an indexed image. If this changes, we can change this check */
+  if (color_palette_entries > 256)
+    {
+      g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                   _("Error: Unsupported palette size"));
+      return -1;
+    }
+
   /* psp color palette entries are stored as RGBA so 4 bytes per entry
-     where the fourth bytes is always zero */
+   * where the fourth bytes is always zero */
   pal_size = color_palette_entries * 4;
   color_palette = g_malloc (pal_size);
   if (fread (color_palette, pal_size, 1, f) < 1)
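Review bot: A zero entry count still passes the new bound at `if (color_palette_entries > 256)`. In that case `pal_size` is 0 and `fread (color_palette, pal_size, 1, f)` returns 0, so the file is rejected through the read-failure branch after the hunk, presumably with a generic read error rather than the palette-size message. If an empty palette is never valid here, reject it in the same place with `if (color_palette_entries == 0 || color_palette_entries > 256)`. If it is valid, skip the allocation and read for that case. The limit would also read better as a named constant than as a bare `256` repeated in the comment and the test. The body of read_color_block starts and continues outside this hunk, so how the palette is consumed afterwards cannot be checked from here.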
@@ -1498,7 +1507,7 @@ read_channel_data (FILE        *f,
         else
           endq = q + line_width * height;
 
-        buf = g_malloc (127);
+        buf = g_malloc (128);
         while (q < endq)
           {
             fread (&runcount, 1, 1, f);
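Review bot: The size in `buf = g_malloc (128);` is a bare literal, and it is only correct if it matches the largest run the decoder copies into `buf` further down the loop, which is outside this hunk. Nothing on this line records or enforces that relationship, and this patch is itself an off-by-one correction to it. A comment such as `/* must hold the longest run the RLE loop below can produce */` would document it, and a named constant shared with the run-length handling would enforce it. Separately, the context line `fread (&runcount, 1, 1, f);` ignores the return value, so on a truncated file `runcount` keeps whatever value it had before. Checking `if (fread (&runcount, 1, 1, f) < 1)` and leaving the loop would close that gap.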
-- 
2.42.0