1 files changed, 30 insertions, 0 deletions

diff --git a/media-gfx/gimp/files/gimp-2.9.8-cve-2017-17784.patch b/media-gfx/gimp/files/gimp-2.9.8-cve-2017-17784.patch
new file mode 100644
index 000000000000..e46703d3d3d4
--- /dev/null
+++ b/media-gfx/gimp/files/gimp-2.9.8-cve-2017-17784.patch
@@ -0,0 +1,30 @@
+From 06d24a79af94837d615d0024916bb95a01bf3c59 Mon Sep 17 00:00:00 2001
+From: Jehan <jehan@girinstud.io>
+Date: Thu, 21 Dec 2017 12:15:34 +0100
+Subject: Bug 790784 - (CVE-2017-17784) heap overread in gbr parser /
+ load_image.
+
+We were assuming the input name was well formed, hence was
+nul-terminated. As any data coming from external input, this has to be
+thorougly checked.
+---
+ plug-ins/common/file-gbr.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c
+index b8933e7..585e74a 100644
+--- a/plug-ins/common/file-gbr.c
++++ b/plug-ins/common/file-gbr.c
+@@ -456,7 +456,8 @@ load_image (GFile   *file,
+ 
+       if (! g_input_stream_read_all (input, temp, size,
+                                      &bytes_read, NULL, error) ||
+-          bytes_read != size)
++          bytes_read != size                                   ||
++          temp[size - 1] != '\0')
+         {
+           g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                        _("Error in GIMP brush file '%s'"),
+-- 
+cgit v0.12
+