gimp: patch CVE-2025-14424

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14424 Pick the patch referenced by the NVD report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2025-12-29 15:52:55 +0100
committer: Khem Raj <raj.khem@gmail.com> 2025-12-31 08:28:49 -0800
commit: b16c1a543ac5e997d6d3aa27978393106d5a8937 (patch)
tree: d06caf84d6cdefa0c7f9a847d416e94af3b2b2bf
parent: 6aa5720e76d632f62f53ed7be7fe649138fbd55c (diff)
download: meta-openembedded-b16c1a543ac5e997d6d3aa27978393106d5a8937.tar.gz
2 files changed, 35 insertions, 0 deletions
diff --git a/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14424.patch b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14424.patch
new file mode 100644
index 0000000000..e7821d3109
--- /dev/null
+++ b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14424.patch
@@ -0,0 +1,34 @@
+From d30875b606085316b1cb7ac1da0d26e5bac0cf2c Mon Sep 17 00:00:00 2001
+From: Gyorgy Sarvari <skandigraun@gmail.com>
+Date: Thu, 13 Nov 2025 18:26:51 -0500
+Subject: [PATCH] app: fix #15288 crash when loading malformed xcf
+From: Jacob Boerema <jgboerema@gmail.com>
+ZDI-CAN-28376 vulnerability
+Add extra tests to not crash on a NULL g_class.
+CVE: CVE-2025-14424
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gimp/-/commit/5cc55d078b7fba995cef77d195fac325ee288ddd]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ app/core/gimpitemlist.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+diff --git a/app/core/gimpitemlist.c b/app/core/gimpitemlist.c
+index 6473938..a431519 100644
+--- a/app/core/gimpitemlist.c
+++ b/app/core/gimpitemlist.c
+@@ -345,7 +345,10 @@ gimp_item_list_named_new (GimpImage   *image,
+   g_return_val_if_fail (GIMP_IS_IMAGE (image), NULL);
+ 
+   for (iter = items; iter; iter = iter->next)
+-    g_return_val_if_fail (g_type_is_a (G_OBJECT_TYPE (iter->data), item_type), NULL);
+    {
+      g_return_val_if_fail (iter->data && ((GTypeInstance*) (iter->data))->g_class, NULL);
+      g_return_val_if_fail (g_type_is_a (G_OBJECT_TYPE (iter->data), item_type), NULL);
+    }
+ 
+   if (! items)
+     {
diff --git a/meta-gnome/recipes-gimp/gimp/gimp_3.0.6.bb b/meta-gnome/recipes-gimp/gimp/gimp_3.0.6.bb
index 24281e5dfd..bc55aed06f 100644
--- a/meta-gnome/recipes-gimp/gimp/gimp_3.0.6.bb
+++ b/meta-gnome/recipes-gimp/gimp/gimp_3.0.6.bb
@@ -63,6 +63,7 @@ SRC_URI = "https://download.gimp.org/gimp/v3.0/${BP}.tar.xz \
           file://0001-meson.build-require-iso-codes-native.patch \
           file://CVE-2025-14422.patch \
           file://CVE-2025-14423.patch \
+           file://CVE-2025-14424.patch \
           "
 SRC_URI[sha256sum] = "246c225383c72ef9f0dc7703b7d707084bbf177bd2900e94ce466a62862e296b"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2025-12-29 15:52:55 +0100
committer	Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:49 -0800
commit	b16c1a543ac5e997d6d3aa27978393106d5a8937 (patch)
tree	d06caf84d6cdefa0c7f9a847d416e94af3b2b2bf
parent	6aa5720e76d632f62f53ed7be7fe649138fbd55c (diff)
download	meta-openembedded-b16c1a543ac5e997d6d3aa27978393106d5a8937.tar.gz

diff --git a/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14424.patch b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14424.patch new file mode 100644 index 0000000000..e7821d3109 --- /dev/null +++ b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14424.patch
@@ -0,0 +1,34 @@
		1	From d30875b606085316b1cb7ac1da0d26e5bac0cf2c Mon Sep 17 00:00:00 2001
		2	From: Gyorgy Sarvari <skandigraun@gmail.com>
		3	Date: Thu, 13 Nov 2025 18:26:51 -0500
		4	Subject: [PATCH] app: fix #15288 crash when loading malformed xcf
		5
		6	From: Jacob Boerema <jgboerema@gmail.com>
		7
		8	ZDI-CAN-28376 vulnerability
		9
		10	Add extra tests to not crash on a NULL g_class.
		11
		12	CVE: CVE-2025-14424
		13	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gimp/-/commit/5cc55d078b7fba995cef77d195fac325ee288ddd]
		14	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		15	---
		16	app/core/gimpitemlist.c \| 5 ++++-
		17	1 file changed, 4 insertions(+), 1 deletion(-)
		18
		19	diff --git a/app/core/gimpitemlist.c b/app/core/gimpitemlist.c
		20	index 6473938..a431519 100644
		21	--- a/app/core/gimpitemlist.c
		22	+++ b/app/core/gimpitemlist.c
		23	@@ -345,7 +345,10 @@ gimp_item_list_named_new (GimpImage *image,
		24	g_return_val_if_fail (GIMP_IS_IMAGE (image), NULL);
		25
		26	for (iter = items; iter; iter = iter->next)
		27	- g_return_val_if_fail (g_type_is_a (G_OBJECT_TYPE (iter->data), item_type), NULL);
		28	+ {
		29	+ g_return_val_if_fail (iter->data && ((GTypeInstance*) (iter->data))->g_class, NULL);
		30	+ g_return_val_if_fail (g_type_is_a (G_OBJECT_TYPE (iter->data), item_type), NULL);
		31	+ }
		32
		33	if (! items)
		34	{


diff --git a/meta-gnome/recipes-gimp/gimp/gimp_3.0.6.bb b/meta-gnome/recipes-gimp/gimp/gimp_3.0.6.bb index 24281e5dfd..bc55aed06f 100644 --- a/meta-gnome/recipes-gimp/gimp/gimp_3.0.6.bb +++ b/meta-gnome/recipes-gimp/gimp/gimp_3.0.6.bb
@@ -63,6 +63,7 @@ SRC_URI = "https://download.gimp.org/gimp/v3.0/${BP}.tar.xz \
63	file://0001-meson.build-require-iso-codes-native.patch \	63	file://0001-meson.build-require-iso-codes-native.patch \
64	file://CVE-2025-14422.patch \	64	file://CVE-2025-14422.patch \
65	file://CVE-2025-14423.patch \	65	file://CVE-2025-14423.patch \
		66	file://CVE-2025-14424.patch \
66	"	67	"
67	SRC_URI[sha256sum] = "246c225383c72ef9f0dc7703b7d707084bbf177bd2900e94ce466a62862e296b"	68	SRC_URI[sha256sum] = "246c225383c72ef9f0dc7703b7d707084bbf177bd2900e94ce466a62862e296b"
68		69