public inbox for git-commits@fedoraproject.org
* [rpms/krita] f43: Fix rhbz#2476573, CVE-2026-42144 integer overflow in PNM size check bypasses memory guard
@ 2026-06-17 8:40 Than Ngo
From: Than Ngo @ 2026-06-17 8:40 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/krita
Branch : f43
Commit : 9aacca6b249a08aaa12c002931b996a4032ae1da
Author : Than Ngo <than@redhat.com>
Date : 2026-06-17T10:39:22+02:00
Stats : +17/-1 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/krita/c/9aacca6b249a08aaa12c002931b996a4032ae1da?branch=f43
Log:
Fix rhbz#2476573, CVE-2026-42144 integer overflow in PNM size check bypasses memory guard
---
diff --git a/krita-gmic-CVE-2026-42144.patch b/krita-gmic-CVE-2026-42144.patch
new file mode 100644
index 0000000..454e513
--- /dev/null
+++ b/krita-gmic-CVE-2026-42144.patch
@@ -0,0 +1,12 @@
+diff -up krita-5.2.16/gmic-v3.6.4.1/src/CImg.h.me krita-5.2.16/gmic-v3.6.4.1/src/CImg.h
+--- krita-5.2.16/gmic-v3.6.4.1/src/CImg.h.me 2026-06-07 15:43:52.246693138 +0200
++++ krita-5.2.16/gmic-v3.6.4.1/src/CImg.h 2026-06-07 15:44:17.465262729 +0200
+@@ -57459,7 +57459,7 @@ namespace cimg_library {
+
+ if (filename) { // Check that dimensions specified in file does not exceed the buffer dimension
+ const cimg_int64 siz = cimg::fsize(filename);
+- if (W*H*D>siz)
++ if ((cimg_int64)W*H*D>siz)
+ throw CImgIOException(_cimg_instance
+ "load_pnm(): Specified image dimensions in file '%s' exceed file size.",
+ cimg_instance,
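Review bot: At the changed comparison `if ((cimg_int64)W*H*D>siz)`, the cast moves the multiplication into 64 bits, but nothing in the hunk bounds W, H or D individually, and their declarations are outside the visible context. If they are 32-bit values read from the file header, three near-maximum dimensions can still wrap a signed 64-bit product, and a zero or negative dimension would make the product compare below `siz`. Consider rejecting non-positive dimensions first and then comparing by division, for example `W > siz/H/D`, so the guard has no multiplication left to overflow. The embedded patch also begins directly at `diff -up` with no header naming the upstream commit it came from, which makes the fix harder to audit on the next rebase.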
diff --git a/krita.spec b/krita.spec
index ac18b0a..208c988 100644
--- a/krita.spec
+++ b/krita.spec
@@ -15,7 +15,7 @@
Name: krita
Version: 5.2.16
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Krita is a sketching and painting program
License: GPL-2.0-or-later
@@ -32,6 +32,7 @@ Source4: https://github.com/vanyossi/gmic/releases/download/v%{gmic_versi
Patch1: krita-5.2.15-appstream_validate.patch
## upstream patches
+Patch10: krita-gmic-CVE-2026-42144.patch
# https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval
ExcludeArch: %{ix86}
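Review bot: No %prep change accompanies the new `Patch10:` line, so whether the fix is actually applied depends on how the existing %prep handles patches, which this diff does not show. The patch targets `krita-5.2.16/gmic-v3.6.4.1/src/CImg.h`, a gmic directory inside the krita tree, so it is worth confirming in a build log that Patch10 is applied after that directory exists and with a strip level that matches the `krita-5.2.16/` prefix. A comment above the line with the upstream commit URL would also back up the `## upstream patches` heading.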
@@ -225,6 +226,9 @@ desktop-file-validate %{buildroot}%{_kf5_datadir}/applications/org.kde.krita.des
%changelog
+* Wed Jun 17 2026 Than Ngo <than@redhat.com> - 5.2.16-2
+- Fix rhbz#2476573, CVE-2026-42144 integer overflow in PNM size check bypasses memory guard
+
* Thu Feb 26 2026 Yaakov Selkowitz <yselkowi@redhat.com> - 5.2.16-1
- 5.2.16