Issues #10071, #10072: Fix vulnerabilities in file-psp (!1085) · Merge requests · GNOME / GIMP

Alx Sa requested to merge alxsa-psp-security-fixes into master Sep 23, 2023

This patch attempts to resolve the vulnerabilities in #10071 and #10072.

buf = g_malloc () is raised from 127 to 128 to match the largest amount that can be read into that buffer.
Adds check when loading palettes to make sure the count doesn't exceed the largest possible unsigned 32 bit integer value when multiplied by 4 (since each palette is represented by a 4 byte RGBA value).

@ZDI: Hi! I think these fix the two problems you noted - but if there are further issues with the patches, let me know.

(Note that the vulnerability in #10071 is actually quite old, and was noted in GIMP 2.6 in 2011)

If approved, these can be easily backported to 2.10.

Issues #10071, #10072: Fix vulnerabilities in file-psp