Debian Patches
Status for gimp/3.0.4-3+deb13u6
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| plug-ins-dds-fix-12790-for-32-bit.patch | plug-ins/dds: fix #12790 for 32-bit On 32-bit systems the computed linear size can overflow, causing a crash. Use a function that checks for overflow when multiplying and return an error if that fails. As extra security also update the loop to compute the base offset after each line of data, and convert to gsize first when computing the size for g_malloc and memset. (cherry picked from commit c17b324910204a47828d6fbb542bdcefbd66bcc1) | Jacob Boerema <jgboerema@gmail.com> | no | | | 2025-06-12 |
| CVE-2025-10924.patch | plug-ins: Fix ZDI-CAN-27836 | Alx Sa <cmyk.student@gmail.com> | no | | | 2025-09-03 |
| CVE-2025-10923.patch | plug-ins: fix ZDI-CAN-27878 | Jacob Boerema <jgboerema@gmail.com> | no | | | 2025-09-03 |
| CVE-2025-10922.patch | plug-ins: fix dicom plug-in ZDI-CAN-27863 | Jacob Boerema <jgboerema@gmail.com> | no | | | 2025-09-03 |
| CVE-2025-10920.patch | plug-ins: Fix ZDI-CAN-27684 | Alx Sa <cmyk.student@gmail.com> | no | | | 2025-09-03 |
| CVE-2025-10934.patch | plug-ins: fix ZDI-CAN-27823 | Jacob Boerema <jgboerema@gmail.com> | no | | | 2025-09-03 |
| CVE-2025-14424.patch | app: fix #15288 crash when loading malformed xcf | Jacob Boerema <jgboerema@gmail.com> | no | | | 2025-11-13 |
| CVE-2025-14423.patch | plug-ins: Fix ZDI-CAN-28311 | Alx Sa <cmyk.student@gmail.com> | no | | | 2025-11-23 |
| CVE-2025-14422.patch | plug-ins: Fix ZDI-CAN-28273 | Alx Sa <cmyk.student@gmail.com> | no | | | 2025-11-23 |
| CVE-2025-14425.patch | plug-ins: Mitigate ZDI-CAN-28248 for JP2 images | Alx Sa <cmyk.student@gmail.com> | no | | | 2025-11-12 |
| CVE-2025-15059.patch | plug-ins: fix #15284 ZDI-CAN-28232 vulnerability in file-psp | Jacob Boerema <jgboerema@gmail.com> | no | | | 2025-12-20 |
| plug-ins-fix-15812-PSD-loader-heap-buffer-overflow.patch | plug-ins: fix #15812 PSD loader: heap-buffer-overflow ... in fread_pascal_string In plug-ins/file-psd/psd-util.c, the function fread_pascal_string() allocates a buffer with g_malloc(len) and reads len bytes from the file into it. The buffer is not null-terminated, but is assumed to be in later code. This causes it to read past the end of its allocated region with a specially crafted PSD, causing a heap-buffer-overflow. Fix this by allocating one more byte than its length and set that to '\0'. (cherry picked from commit 8cf2772f5631719ae0e4e701bd7ef793b1f59cfa) | Jacob Boerema <jgboerema@gmail.com> | yes | debian upstream | https://gitlab.gnome.org/GNOME/gimp/-/commit/51a2d65a2df403f6da582173e0ddd7904356f5ae | 2026-02-06 |
| plug-ins-Fix-15732-PSP-File-Parsing-Integer-Overflow.patch | plug-ins: Fix #15732 PSP File Parsing Integer Overflow... Leading to Heap Corruption An integer overflow vulnerability has been identified in the PSP (Paint Shop Pro) file parser of GIMP. The issue occurs in the read_creator_block() function, where the Creator metadata block is processed. Specifically, a 32-bit length value read from the file is used directly for memory allocation without proper validation. Trigger -> when length is set to 0xFFFFFFFF. To fix this, we check that using that length doesn't exceed the end of the creator block. If it does, we return with an error message. | Jacob Boerema <jgboerema@gmail.com> | yes | debian upstream | https://gitlab.gnome.org/GNOME/gimp/-/commit/0e63f096fa5f7dc3fae0a8e865fd5a05ebe45da8 | 2026-01-23 |
| plug-ins-Add-overflow-checks-for-ICO-loading.patch | plug-ins: Add overflow checks for ICO loading As pointed out by Dhiraj, it is possible to set width and height values in the ICO header that will overflow a 32 bit integer when loaded in. This patch adds checks using g_size_check_mul () and g_try_new () to catch these overflows and prevent them from crashing the plug-in. | Alx Sa <cmyk.student@gmail.com> | yes | debian upstream | https://gitlab.gnome.org/GNOME/gimp/-/commit/058ada8f3ffc0a42b7dd1561a8817c8cc83b7d2a | 2026-01-12 |
| plug-ins-fix-crash-due-to-uninitialized-ptr_array.patch | plug-ins: fix crash due to uninitialized ptr_array... when loading a specially crafted PSD. After fixing the issue in the previous commit, using the poc from that issue, a new issue surfaced where the ptr_array used for img_a->alpha_name did not contain any names. Trying to access the first index then caused a crash, because apparently that is only valid if at least one item has been added. Let's fix this by only creating the ptr_array when we know for sure that we are going to add an item. | Jacob Boerema <jgboerema@gmail.com> | no | | https://gitlab.gnome.org/GNOME/gimp/-/commit/02886e626df5e4c5f73f838a64fd3f21809dda09 | 2026-02-06 |
All known versions for source package 'gimp'
- 3.2.0~RC2-3.3 (sid)
- 3.2.0~RC2-3.1 (forky)
- 3.0.4-3+deb13u6 (trixie-security)
- 3.0.4-3+deb13u5 (trixie-proposed-updates)
- 3.0.4-3+deb13u2 (trixie)
- 2.10.34-1+deb12u8 (bookworm-security)
- 2.10.34-1+deb12u7 (bookworm-proposed-updates)
- 2.10.34-1+deb12u5 (bookworm)
