mirror of https://gitlab.gnome.org/GNOME/gimp.git synced 2025-10-06 01:12:40 +02:00

plug-ins: Fix ZDI-CAN-27793

GIMP ILBM File Parsing Stack-based Buffer Overflow
Remote Code Execution Vulnerability

Adds a check to file-iff.c to ensure the palette_size is
between 0 and 256.
Alx Sa
2025-09-04 04:45:43 +00:00
parent d27c580144
commit 002b22c150


@@ -328,7 +328,9 @@ load_image (GFile *file,
bitMapHeader = true_image->bitMapHeader;
if (! bitMapHeader || ! true_image->body)
{
g_message (_("ILBM contains no image data - likely a palette file"));
g_set_error (error, G_FILE_ERROR, g_file_error_from_errno (errno),
_("ILBM contains no image data - likely a palette "
"file"));
return NULL;
}
@@ -355,6 +357,13 @@ load_image (GFile *file,
{
palette_size = colorMap->colorRegisterLength;
if (palette_size < 0 || palette_size > 256)
{
g_set_error (error, G_FILE_ERROR, g_file_error_from_errno (errno),
_("Invalid ILBM colormap size"));
return NULL;
}
for (gint j = 0; j < palette_size; j++)
{
gimp_cmap[j * 3] = colorMap->colorRegister[j].red;
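Review bot: Both new `g_set_error` calls take their error code from `g_file_error_from_errno (errno)`, but neither failure comes from a failed system call, so the reported code depends on whatever value earlier code left in `errno`. A fixed code would make the error deterministic, e.g. `g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _("Invalid ILBM colormap size"));`, and likewise for the "no image data" case in the first hunk. The literal `256` in the colormap check has to match the declared size of `gimp_cmap`, which lies outside the hunk; if that is a fixed-size array, deriving the bound from it (`G_N_ELEMENTS (gimp_cmap) / 3`) or from a shared constant would keep the check and the buffer from drifting apart. load_image starts and ends outside the hunk, so it is not visible whether the IFF data parsed so far is released before the new `return NULL`; that is worth confirming.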