gimp: patch CVE-2025-14424

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14424

Pick the patch referenced by the NVD report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14424.patch

@@ -0,0 +1,34 @@
+From d30875b606085316b1cb7ac1da0d26e5bac0cf2c Mon Sep 17 00:00:00 2001
+From: Gyorgy Sarvari <skandigraun@gmail.com>
+Date: Thu, 13 Nov 2025 18:26:51 -0500
+Subject: [PATCH] app: fix #15288 crash when loading malformed xcf
+
+From: Jacob Boerema <jgboerema@gmail.com>
+
+ZDI-CAN-28376 vulnerability
+
+Add extra tests to not crash on a NULL g_class.
+
+CVE: CVE-2025-14424
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gimp/-/commit/5cc55d078b7fba995cef77d195fac325ee288ddd]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ app/core/gimpitemlist.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/app/core/gimpitemlist.c b/app/core/gimpitemlist.c
+index 6473938..a431519 100644
+--- a/app/core/gimpitemlist.c
++++ b/app/core/gimpitemlist.c
+@@ -345,7 +345,10 @@ gimp_item_list_named_new (GimpImage   *image,
+   g_return_val_if_fail (GIMP_IS_IMAGE (image), NULL);
+ 
+   for (iter = items; iter; iter = iter->next)
+-    g_return_val_if_fail (g_type_is_a (G_OBJECT_TYPE (iter->data), item_type), NULL);
++    {
++      g_return_val_if_fail (iter->data && ((GTypeInstance*) (iter->data))->g_class, NULL);
++      g_return_val_if_fail (g_type_is_a (G_OBJECT_TYPE (iter->data), item_type), NULL);
++    }
+ 
+   if (! items)
+     {

meta-gnome/recipes-gimp/gimp/gimp_3.0.6.bb

@@ -63,6 +63,7 @@ SRC_URI = "https://download.gimp.org/gimp/v3.0/${BP}.tar.xz \
            file://0001-meson.build-require-iso-codes-native.patch \
            file://CVE-2025-14422.patch \
            file://CVE-2025-14423.patch \
+           file://CVE-2025-14424.patch \
            "
 SRC_URI[sha256sum] = "246c225383c72ef9f0dc7703b7d707084bbf177bd2900e94ce466a62862e296b"