gimp/SOURCES/gimp-CVE-2025-5473.patch
2025-06-17 10:24:43 +00:00


diff --git a/plug-ins/file-ico/ico-load.c b/plug-ins/file-ico/ico-load.c
index 9a222998bc1..818cf23cd31 100644
--- a/plug-ins/file-ico/ico-load.c
+++ b/plug-ins/file-ico/ico-load.c
@@ -299,7 +299,11 @@ ico_read_png (FILE *fp,
png_read_info (png_ptr, info);
png_get_IHDR (png_ptr, info, &w, &h, &bit_depth, &color_type,
NULL, NULL, NULL);
- if (w*h*4 > maxsize)
+ /* Check for overflow */
+ if ((w * h * 4) < w ||
+ (w * h * 4) < h ||
+ (w * h * 4) < (w * h) ||
+ (w * h * 4) > maxsize)
{
png_destroy_read_struct (&png_ptr, &info, NULL);
return FALSE;
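Review bot: The added `< w`, `< h` and `< (w * h)` comparisons test the product only after it has wrapped, and a wrapped product is not guaranteed to be smaller than either operand. Some oversized dimension pairs can therefore still pass and reach the buffer that `maxsize` is meant to bound. Bounding by division avoids the wrap entirely: `if (maxsize < 0 || (h != 0 && w > (guint32) maxsize / 4 / h))` rejects exactly the cases where the true value of `w * h * 4` exceeds `maxsize`. The declarations of `w`, `h` and `maxsize` are outside the hunk, so this assumes 32-bit unsigned dimensions and a signed `maxsize`; confirm the types before applying. The body of `ico_read_png` starts and ends outside the hunk.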
---