From cf3cada9a6561310b0215c73f2a28f3e627f6102 Mon Sep 17 00:00:00 2001 From: yujingbo Date: Thu, 30 Oct 2025 10:40:56 +0800 Subject: [PATCH] fix CVE-2025-10934 --- CVE-2025-10934.patch | 46 ++++++++++++++++++++++++++++++++++++++++++++ gimp.spec | 6 +++++- 2 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 CVE-2025-10934.patch diff --git a/CVE-2025-10934.patch b/CVE-2025-10934.patch new file mode 100644 index 0000000..d18fcaf --- /dev/null +++ b/CVE-2025-10934.patch @@ -0,0 +1,46 @@ +From 5c3e2122d53869599d77ef0f1bdece117b24fd7c Mon Sep 17 00:00:00 2001 +From: Jacob Boerema +Date: Wed, 3 Sep 2025 18:37:26 -0400 +Subject: [PATCH] plug-ins: fix ZDI-CAN-27823 + +Origin: https://github.com/GNOME/gimp/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7c + +GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution +Vulnerability. + +Check offset in colormap is valid before writing to it. + +Closes #14814 + +(cherry picked from commit 4eb106f2bff2d9b8e518aa455a884c6f38d70c6a) +--- + plug-ins/common/file-xwd.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/plug-ins/common/file-xwd.c b/plug-ins/common/file-xwd.c +index 8d013397be6..c4c41e5bea7 100644 +--- a/plug-ins/common/file-xwd.c ++++ b/plug-ins/common/file-xwd.c +@@ -1683,9 +1683,20 @@ load_xwd_f2_d16_b16 (GFile *file, + greenval = (green * 255) / maxgreen; + for (blue = 0; blue <= maxblue; blue++) + { ++ guint32 offset = ((red << redshift) + (green << greenshift) + ++ (blue << blueshift)) * 3; ++ ++ if (offset+2 >= maxval) ++ { ++ g_set_error (error, GIMP_PLUG_IN_ERROR, 0, ++ _("Invalid colormap offset. Possibly corrupt image.")); ++ g_free (data); ++ g_free (ColorMap); ++ g_object_unref (buffer); ++ return NULL; ++ } + blueval = (blue * 255) / maxblue; +- cm = ColorMap + ((red << redshift) + (green << greenshift) +- + (blue << blueshift)) * 3; ++ cm = ColorMap + offset; + *(cm++) = redval; + *(cm++) = greenval; + *cm = blueval; 
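Review bot: The added guard `if (offset+2 >= maxval)` performs `offset+2` in guint32, so an offset within two of the 32-bit maximum wraps to 0 or 1 and passes the check before the three writes through `cm = ColorMap + offset`. Whether the shifts and maxima taken from the file header can produce such a value is decided outside this hunk, so this is a hardening point rather than a demonstrated bypass. A form without the addition avoids the question, for example `if (offset >= maxval || maxval - offset < 3)`, assuming `maxval` is unsigned. `maxval` is defined outside the hunk (load_xwd_f2_d16_b16 starts and ends beyond it), and the check is only sound if it holds the allocated size of `ColorMap` in bytes. Once that is confirmed, a comment next to the check would record it, e.g. `/* maxval: size of ColorMap in bytes; this entry occupies offset..offset+2 */`.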
diff --git a/gimp.spec b/gimp.spec index 6dbe18a..eec5a95 100644 --- a/gimp.spec +++ b/gimp.spec @@ -37,13 +37,14 @@ Name: gimp Version: 3.0.4 -Release: 1 +Release: 2 Epoch: 2 Summary: The GNU Image Manipulation Program License: GPL-3.0-or-later Group: Productivity/Graphics/Bitmap Editors URL: https://www.gimp.org/ Source: https://download.gimp.org/mirror/pub/gimp/v3.0/%{name}-%{version}.tar.xz +Patch1: CVE-2025-10934.patch BuildRequires: meson >= 0.61.0 BuildRequires: aalib-devel BuildRequires: babl-vala >= %{babl_version} @@ -531,6 +532,9 @@ install -D -m0644 macros.gimp %{buildroot}%{_rpmconfigdir}/macros.d/macros.gimp %dir %{_libdir}/gimp/%{api_version}/extensions/org.gimp.extension.goat-exercises/locale %changelog +* Thu Oct 30 2025 yujingbo - 2:3.0.4-2 +- Fix CVE-2025-10934 + * Sat May 24 2025 Funda Wang - 2:3.0.4-1 - update to version 3.0.4 -- Gitee
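Review bot: The first gimp.spec hunk declares `Patch1: CVE-2025-10934.patch`, but nothing in this commit touches `%prep`, and the diffstat for gimp.spec is fully accounted for by the Release, Patch1 and changelog lines. The fix is therefore only applied if the existing `%prep` (not visible here) already uses `%autosetup -p1` or an equivalent that picks up all patches. With a plain `%setup` it would need an explicit `%patch -P1 -p1`. Confirm in the build log that plug-ins/common/file-xwd.c is actually patched, since a declared but unapplied patch would ship 2:3.0.4-2 with the changelog claiming the CVE is fixed.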