diff options
Diffstat (limited to 'extra/gimp/patch_CVE1913.patch')
| -rw-r--r-- | extra/gimp/patch_CVE1913.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/extra/gimp/patch_CVE1913.patch b/extra/gimp/patch_CVE1913.patch new file mode 100644 index 000000000..17bebe9e5 --- /dev/null +++ b/extra/gimp/patch_CVE1913.patch @@ -0,0 +1,30 @@ +From 32ae0f83e5748299641cceaabe3f80f1b3afd03e Mon Sep 17 00:00:00 2001 +From: Nils Philippsen <nils@redhat.com> +Date: Thu, 14 Nov 2013 13:29:01 +0000 +Subject: file-xwd: sanity check colormap size (CVE-2013-1913) + +--- +diff --git a/plug-ins/common/file-xwd.c b/plug-ins/common/file-xwd.c +index c8e1a6e..343129a 100644 +--- a/plug-ins/common/file-xwd.c ++++ b/plug-ins/common/file-xwd.c +@@ -466,6 +466,17 @@ load_image (const gchar *filename, + /* Position to start of XWDColor structures */ + fseek (ifp, (long)xwdhdr.l_header_size, SEEK_SET); + ++ /* Guard against insanely huge color maps -- gimp_image_set_colormap() only ++ * accepts colormaps with 0..256 colors anyway. */ ++ if (xwdhdr.l_colormap_entries > 256) ++ { ++ g_message (_("'%s':\nIllegal number of colormap entries: %ld"), ++ gimp_filename_to_utf8 (filename), ++ (long)xwdhdr.l_colormap_entries); ++ fclose (ifp); ++ return -1; ++ } ++ + if (xwdhdr.l_colormap_entries > 0) + { + xwdcolmap = g_new (L_XWDCOLOR, xwdhdr.l_colormap_entries); +-- +cgit v0.9.2 |