Fix CVE-2025-2761

CVE-2025-2761.patch

@@ -0,0 +1,35 @@
+From 0806bc76ca74543d20e1307ccf6aebd26395c56c Mon Sep 17 00:00:00 2001
+From: Alx Sa <cmyk.student@gmail.com>
+Date: Mon, 10 Mar 2025 04:07:44 +0000
+Subject: [PATCH] plug-ins: Fix ZDI-CAN-25100 for FLI plug-in
+
+Origin: https://gitlab.gnome.org/GNOME/gimp/-/commit/0806bc76ca74543d20e1307ccf6aebd26395c56c
+
+Resolves #13073
+This patch adds a check to make sure we're not
+writing beyond the bounds of the "pos" array.
+This is the same check that we do earlier when
+writing pos[xc++], but it was left off of the last
+write command. Since "n" will be 0 if we get to the
+end of the array, it prevents us from writing beyond
+that.
+---
+ plug-ins/file-fli/fli.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plug-ins/file-fli/fli.c b/plug-ins/file-fli/fli.c
+index 85dcc994395..1aba31e8f90 100644
+--- a/plug-ins/file-fli/fli.c
++++ b/plug-ins/file-fli/fli.c
+@@ -1529,7 +1529,7 @@ fli_read_lc_2 (FILE          *f,
+               xc += len << 1;
+             }
+         }
+-      if (lpf)
++      if (lpf && xc < n)
+         pos[xc] = lpn;
+       yc++;
+     }
+-- 
+GitLab
+

gimp.spec

@@ -1,6 +1,6 @@
 Name:           gimp
 Version:        2.10.6
-Release:        11
+Release:        12
 Epoch:          2
 Summary:        A versatile graphics manipulation package
 License:        GPLv3+ and GPLv3
@@ -13,6 +13,7 @@ Patch6001:      CVE-2021-45463.patch
 Patch6002:      CVE-2023-44442.patch
 # https://gitlab.gnome.org/GNOME/gimp/-/commit/e1bfd87195e4fe60a92df70cde65464d032dd3c1
 Patch6003:      CVE-2023-44444.patch
+Patch6004:      CVE-2025-2761.patch
 
 %global apiversion 2.0
 %global textversion 20
@@ -259,6 +260,9 @@ make check %{?_smp_mflags}
 %{_mandir}/man*/*
 
 %changelog
+* Tue May 06 2025 wangkai <13474090681@163.com> - 2:2.10.6-12
+- Fix CVE-2025-2761
+
 * Thu Dec 7 2023 liyanan <liyanan61@h-partners.com> - 2:2.10.6-11
 - Del useless buildrequire gdb