From 09f66d960cfcbc1d3361e8f507f7003ee4f946f6 Mon Sep 17 00:00:00 2001
From: wk333 <13474090681@163.com>
Date: Wed, 11 Jun 2025 11:41:23 +0800
Subject: [PATCH] Fix CVE-2025-5473
---
 CVE-2025-5473.patch | 38 ++++++++++++++++++++++++++++++++++++++
 gimp.spec | 6 +++++-
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2025-5473.patch
diff --git a/CVE-2025-5473.patch b/CVE-2025-5473.patch
new file mode 100644
index 0000000..4efaa49
--- /dev/null
+++ b/CVE-2025-5473.patch
@@ -0,0 +1,38 @@
+From c855d1df60ebaf5ef8d02807d448eb088f147a2b Mon Sep 17 00:00:00 2001
+From: Alx Sa
+Date: Sat, 3 May 2025 14:13:46 +0000
+Subject: [PATCH] plug-ins: ZDI-CAN-26752 mitigation
+
+Origin: https://gitlab.gnome.org/GNOME/gimp/-/commit/c855d1df60ebaf5ef8d02807d448eb088f147a2b
+
+Resolves #13910
+Since ICO can store PNGs, it's possible to create an
+icon that's much larger than the stated image size and
+cause a buffer overflow.
+This patch adds a check to make sure the width * height * 4
+calculation does not overflow in addition to making sure it
+doesn't exceed the maximum allowed size for that icon.
+---
+ plug-ins/file-ico/ico-load.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/plug-ins/file-ico/ico-load.c b/plug-ins/file-ico/ico-load.c
+index 9a222998bc1..818cf23cd31 100644
+--- a/plug-ins/file-ico/ico-load.c
++++ b/plug-ins/file-ico/ico-load.c
+@@ -299,7 +299,11 @@ ico_read_png (FILE *fp,
+ png_read_info (png_ptr, info);
+ png_get_IHDR (png_ptr, info, &w, &h, &bit_depth, &color_type,
+ NULL, NULL, NULL);
+- if (w*h*4 > maxsize)
++ /* Check for overflow */
++ if ((w * h * 4) < w ||
++ (w * h * 4) < h ||
++ (w * h * 4) < (w * h) ||
++ (w * h * 4) > maxsize)
+ {
+ png_destroy_read_struct (&png_ptr, &info, NULL);
+ return FALSE;
+--
+GitLab
+
diff --git a/gimp.spec b/gimp.spec
index fd53626..4a45e0d 100644
--- a/gimp.spec
+++ b/gimp.spec
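Review bot: The overflow guard added in the embedded ico-load.c hunk is still bypassable, because `w * h * 4` wraps modulo 2^32 before any of the comparisons run (w and h are filled by png_get_IHDR, so they are presumably png_uint_32), and the three `<` tests only catch wraps that land below w, h or the already-wrapped `w * h`. A constructed example: w = h = 65537 wraps `w * h` to 131073 and `w * h * 4` to 524292, which is larger than w, h and `w * h`, so acceptance then rests solely on `maxsize`, which the description suggests is itself taken from the icon's stated size in the untrusted file. The robust form avoids the multiplication altogether and replaces the four-line condition with `if (h != 0 && w > maxsize / 4 / h)`, which is exactly equivalent to `w*h*4 > maxsize` for non-negative integers without any possibility of wrap-around (if maxsize is a signed type, reject negative values before this comparison, since the comparison would promote it to unsigned). The `/* Check for overflow */` comment should state the contract it enforces, e.g. `/* Reject dimensions whose RGBA byte count does not fit in 32 bits or exceeds the directory-declared maxsize */`; note that ico_read_png begins and ends outside the hunk, so where w, h and maxsize are declared is not visible here.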
@@ -1,6 +1,6 @@
 Name: gimp
 Version: 2.10.6
-Release: 13
+Release: 14
 Epoch: 2
 Summary: A versatile graphics manipulation package
 License: GPLv3+ and GPLv3
@@ -21,6 +21,7 @@ Patch6008: CVE-2025-48797-4.patch
 Patch6009: CVE-2025-48798-1.patch
 Patch6010: CVE-2025-48798-2.patch
 Patch6011: CVE-2025-48798-3.patch
+Patch6012: CVE-2025-5473.patch
 
 %global apiversion 2.0
 %global textversion 20
@@ -267,6 +268,9 @@ make check %{?_smp_mflags}
 %{_mandir}/man*/*
 
 %changelog
+* Wed Jun 11 2025 wangkai <13474090681@163.com> - 2:2.10.6-14
+- Fix CVE-2025-5473
+
 * Fri May 30 2025 wangkai <13474090681@163.com> - 2:2.10.6-13
 - Fix CVE-2025-48797 CVE-2025-48798
 
-- 
Gitee