MGASA-2017-0398

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0398.html

Import Source

https://advisories.mageia.org/MGASA-2017-0398.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2017-0398

Related

CVE-2017-2888

Published

2017-11-02T21:47:07Z

Modified

2017-11-02T21:09:52Z

Summary

Updated sdl2 packages fix security vulnerability

Details

Yves Younan of Cisco Talos discovered an exploitable integer overflow vulnerability when creating a new RGB Surface in SDL 2.0.x before version 2.0.7. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability (CVE-2017-2888).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / sdl2

Package

Name: sdl2
Purl: pkg:rpm/mageia/sdl2?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.5-2.1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / mingw-SDL2

Package

Name: mingw-SDL2
Purl: pkg:rpm/mageia/mingw-SDL2?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.5-1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / sdl2

Package

Name: sdl2
Purl: pkg:rpm/mageia/sdl2?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.3-4.1.mga5

Ecosystem specific

{
    "section": "core"
}