gdk-pixbuf: Fix CVE-2025-6199

Backport the fix for CVE-2025-6199 Add below patch to fix CVE-2025-6199.patch Reference: In Ubuntu and debian, fixed patch is given -> [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/c4986342b241cdc075259565f3fa7a7597d32a32] (From OE-Core rev: de8c5d9964086e960e6df1f58a6d675fdb761286) Signed-off-by: Shaik Moin <moins@kpit.com> [YC: Link to Debian security tracker: https://security-tracker.debian.org/tracker/CVE-2025-6199 ] Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Shaik Moin <careers.myinfo@gmail.com> 2026-02-26 09:17:15 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2026-03-16 10:22:06 +0000
commit: dbbf9b9d82a18faf1eb23808e6103722f43461d2 (patch)
tree: 737dc7f20ce0cf4335c7a22578d801bd5a48c7e8 /meta
parent: 7d50718f90c51fb7f650c9db59b28c6e0194e5d2 (diff)
download: poky-dbbf9b9d82a18faf1eb23808e6103722f43461d2.tar.gz
2 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-6199.patch b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-6199.patch
new file mode 100644
index 0000000000..1952e3ceaf
--- /dev/null
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-6199.patch
@@ -0,0 +1,36 @@
+From 140200be0b4d5355aab76a6fd474e17d117045ca Mon Sep 17 00:00:00 2001
+From: lumi <lumi@suwi.moe>
+Date: Sat, 7 Jun 2025 22:27:06 +0200
+Subject: [PATCH] lzw: Fix reporting of bytes written in decoder
+When the LZW decoder encounters an invalid code, it stops
+processing the image and returns the whole buffer size.
+It should return the amount of bytes written, instead.
+Fixes #257
+CVE: CVE-2025-6199
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/c4986342b241cdc075259565f3fa7a7597d32a32]
+Signed-off-by: Shaik Moin <moins@kpit.com>
+---
+ gdk-pixbuf/lzw.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/gdk-pixbuf/lzw.c b/gdk-pixbuf/lzw.c
+index 15293560b..4f3dd8beb 100644
+--- a/gdk-pixbuf/lzw.c
+++ b/gdk-pixbuf/lzw.c
+@@ -208,7 +208,7 @@ lzw_decoder_feed (LZWDecoder *self,
+                                 /* Invalid code received - just stop here */
+                                 if (self->code >= self->code_table_size) {
+                                         self->last_code = self->eoi_code;
+-                                        return output_length;
+                                        return n_written;
+                                 }
+ 
+                                 /* Convert codeword into indexes */
+-- 
+2.34.1
diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.12.bb b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.12.bb
index ff1c7a1fb2..7c58fe1e1d 100644
--- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.12.bb
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.12.bb
@@ -21,6 +21,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
           file://fatal-loader.patch \
           file://0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch \
           file://CVE-2025-7345.patch \
+           file://CVE-2025-6199.patch \
           "
 SRC_URI[sha256sum] = "b9505b3445b9a7e48ced34760c3bcb73e966df3ac94c95a148cb669ab748e3c7"
author	Shaik Moin <careers.myinfo@gmail.com>	2026-02-26 09:17:15 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2026-03-16 10:22:06 +0000
commit	dbbf9b9d82a18faf1eb23808e6103722f43461d2 (patch)
tree	737dc7f20ce0cf4335c7a22578d801bd5a48c7e8 /meta
parent	7d50718f90c51fb7f650c9db59b28c6e0194e5d2 (diff)
download	poky-dbbf9b9d82a18faf1eb23808e6103722f43461d2.tar.gz

diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-6199.patch b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-6199.patch new file mode 100644 index 0000000000..1952e3ceaf --- /dev/null +++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-6199.patch
@@ -0,0 +1,36 @@
		1	From 140200be0b4d5355aab76a6fd474e17d117045ca Mon Sep 17 00:00:00 2001
		2	From: lumi <lumi@suwi.moe>
		3	Date: Sat, 7 Jun 2025 22:27:06 +0200
		4	Subject: [PATCH] lzw: Fix reporting of bytes written in decoder
		5
		6	When the LZW decoder encounters an invalid code, it stops
		7	processing the image and returns the whole buffer size.
		8	It should return the amount of bytes written, instead.
		9
		10	Fixes #257
		11
		12	CVE: CVE-2025-6199
		13
		14	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/c4986342b241cdc075259565f3fa7a7597d32a32]
		15
		16	Signed-off-by: Shaik Moin <moins@kpit.com>
		17	---
		18	gdk-pixbuf/lzw.c \| 2 +-
		19	1 file changed, 1 insertion(+), 1 deletion(-)
		20
		21	diff --git a/gdk-pixbuf/lzw.c b/gdk-pixbuf/lzw.c
		22	index 15293560b..4f3dd8beb 100644
		23	--- a/gdk-pixbuf/lzw.c
		24	+++ b/gdk-pixbuf/lzw.c
		25	@@ -208,7 +208,7 @@ lzw_decoder_feed (LZWDecoder *self,
		26	/* Invalid code received - just stop here */
		27	if (self->code >= self->code_table_size) {
		28	self->last_code = self->eoi_code;
		29	- return output_length;
		30	+ return n_written;
		31	}
		32
		33	/* Convert codeword into indexes */
		34	--
		35	2.34.1
		36


diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.12.bb b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.12.bb index ff1c7a1fb2..7c58fe1e1d 100644 --- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.12.bb +++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.12.bb
@@ -21,6 +21,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
21	file://fatal-loader.patch \	21	file://fatal-loader.patch \
22	file://0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch \	22	file://0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch \
23	file://CVE-2025-7345.patch \	23	file://CVE-2025-7345.patch \
		24	file://CVE-2025-6199.patch \
24	"	25	"
25		26
26	SRC_URI[sha256sum] = "b9505b3445b9a7e48ced34760c3bcb73e966df3ac94c95a148cb669ab748e3c7"	27	SRC_URI[sha256sum] = "b9505b3445b9a7e48ced34760c3bcb73e966df3ac94c95a148cb669ab748e3c7"