gdk-pixbuf: Fix CVE-2026-5201
authorVijay Anusuri <vanusuri@mvista.com>
Tue, 28 Apr 2026 07:02:39 +0000 (12:32 +0530)
committerFabien Thomas <fabien.thomas@smile.fr>
Tue, 5 May 2026 11:01:04 +0000 (13:01 +0200)
Pick patch according to [1]

[1] https://security-tracker.debian.org/tracker/CVE-2026-5201
[2] https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2026-5201.patch [new file with mode: 0644]
meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.12.bb

diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2026-5201.patch b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2026-5201.patch
new file mode 100644 (file)
index 0000000..97e0ddd
--- /dev/null
@@ -0,0 +1,44 @@
+From 6cce9311e70b969cbcc6e3e1e74ae1756ed02d5b Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Mon, 30 Mar 2026 12:21:56 -0400
+Subject: [PATCH] jpeg: Reject unsupported number of components
+
+This condition was already checked for incremental loading.
+This commit adds the same check in the nonincremental
+code path.
+
+Closes: #304
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/6cce9311e70b969cbcc6e3e1e74ae1756ed02d5b]
+CVE: CVE-2026-5201
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ gdk-pixbuf/io-jpeg.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c
+index 9ee1d21..d419812 100644
+--- a/gdk-pixbuf/io-jpeg.c
++++ b/gdk-pixbuf/io-jpeg.c
+@@ -625,6 +625,18 @@ gdk_pixbuf__real_jpeg_image_load (FILE *f, struct jpeg_decompress_struct *cinfo,
+       cinfo->do_fancy_upsampling = FALSE;
+       cinfo->do_block_smoothing = FALSE;
++      /* Reject unsupported component counts */
++      if (cinfo->output_components != 3 && cinfo->output_components != 4 &&
++          !(cinfo->output_components == 1 &&
++            cinfo->out_color_space == JCS_GRAYSCALE)) {
++              g_set_error (error,
++                           GDK_PIXBUF_ERROR,
++                           GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
++                           _("Unsupported number of color components (%d)"),
++                           cinfo->output_components);
++              goto out;
++      }
++
+       pixbuf = gdk_pixbuf_new (GDK_COLORSPACE_RGB, 
+                                cinfo->out_color_components == 4 ? TRUE : FALSE, 
+                                8,
+-- 
+2.43.0
+
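Review bot: The added guard tests `cinfo->output_components`, but the allocation on the context lines right below it decides the alpha channel from `cinfo->out_color_components`, which is a different libjpeg field. The two agree unless colour quantization is enabled, which this hunk does not show, so the check is presumably sufficient; a short comment would record that assumption, e.g. `/* output_components == out_color_components here: quantize_colors is never set */` (confirm against the rest of the function). The new `goto out;` also runs before `pixbuf` is assigned, so it relies on `pixbuf` being initialised to NULL earlier in `gdk_pixbuf__real_jpeg_image_load`, whose body starts and ends outside the hunk. A regression test that feeds a JPEG with an unsupported component count through the non-incremental path would keep the two loaders from drifting apart again.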
index 7c58fe1e1d678489921e42d4d57ec10c48da86e5..2f0de425b54b8c00b4602f17ee28035e75a74f67 100644 (file)
@@ -22,6 +22,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
            file://0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch \
            file://CVE-2025-7345.patch \
            file://CVE-2025-6199.patch \
+           file://CVE-2026-5201.patch \
            "
 
 SRC_URI[sha256sum] = "b9505b3445b9a7e48ced34760c3bcb73e966df3ac94c95a148cb669ab748e3c7"