SUSE-SU-2018:3657-1

See a problem?
Please try reporting it to the source first.

Source

Import Source

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2018:3657-1

Related

Published

2018-11-07T15:19:23Z

Modified

2018-11-07T15:19:23Z

Summary

Security update for SDL_image

Details

This update for SDL_image fixes the following issues:

CVE-2017-14442: A specially crafted BMP image could have caused a stack overflow for an attacker that can display a specially crafted image (bsc#1084304).
CVE-2017-14450: A specially crafted GIF image could have caused a buffer overflow on a global section for an attacker that can display an image (bsc#1084288).
CVE-2017-12122: An exploitable code execution vulnerability exists in the ILBM image rendering functionality. A specially crafted ILBM image can cause a heap overflow resulting in code execution. (bsc#1084256).
CVE-2017-14440: An exploitable code execution vulnerability exists in the ILBM image rendering functionality. A specially crafted ILBM image can cause a stack overflow resulting in code execution. (bsc#1084257).
CVE-2017-14448: An exploitable code execution vulnerability exists in the XCF image rendering functionality. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. (bsc#1084303).
CVE-2018-3839: An exploitable code execution vulnerability exists in the XCF image rendering functionality. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. (bsc#1089087).

References

Affected packages

Name: SDL_image
Purl: pkg:rpm/suse/SDL_image&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.6-84.42.1

{
    "binaries": [
        {
            "SDL_image": "1.2.6-84.42.1",
            "SDL_image-devel": "1.2.6-84.42.1"
        }
    ]
}