openSUSE-SU-2019:2108-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:2108-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2019:2108-1
- Related
- Published
- 2019-09-10T14:20:24Z
- Modified
- 2019-09-10T14:20:24Z
- Summary
- Security update for SDL2_image
- Details
-
This update for SDL2_image fixes the following issues:
Update to new upstream release 2.0.5.
Security issues fixed:
- TALOS-2019-0820 CVE-2019-5051: exploitable heap-based buffer overflow vulnerability when loading a PCX file (boo#1140419)
- TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421)
- TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763)
- TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764)
- TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image (boo#1143766)
- TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768)
Not mentioned by upstream, but issues seemingly further fixed:
- CVE-2019-12218: NULL pointer dereference in the SDL2image function IMGLoadPCX_RW (boo#1135789)
- CVE-2019-12217: NULL pointer dereference in the SDL stdio_read function (boo#1135787)
- CVE-2019-12220: SDLimage triggers an out-of-bounds read in the SDL function SDLFreePalette_REAL (boo#1135806)
- CVE-2019-12221: a SEGV caused by SDLimage in SDL function SDLfreeREAL in stdlib/SDLmalloc.c (boo#1135796)
- CVE-2019-12222: out-of-bounds read triggered by SDLimage in the function SDLInvalidateMap at video/SDL_pixels.c (boo#1136101)
- CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file (boo#1141844).
This update was imported from the openSUSE:Leap:15.0:Update update project.
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L64IV5QDMXKI6JPESXNTCMESEKNUADR2/#L64IV5QDMXKI6JPESXNTCMESEKNUADR2
- https://bugzilla.suse.com/1135787
- https://bugzilla.suse.com/1135789
- https://bugzilla.suse.com/1135796
- https://bugzilla.suse.com/1135806
- https://bugzilla.suse.com/1136101
- https://bugzilla.suse.com/1140419
- https://bugzilla.suse.com/1140421
- https://bugzilla.suse.com/1141844
- https://bugzilla.suse.com/1143763
- https://bugzilla.suse.com/1143764
- https://bugzilla.suse.com/1143766
- https://bugzilla.suse.com/1143768
- https://www.suse.com/security/cve/CVE-2019-12217
- https://www.suse.com/security/cve/CVE-2019-12218
- https://www.suse.com/security/cve/CVE-2019-12220
- https://www.suse.com/security/cve/CVE-2019-12221
- https://www.suse.com/security/cve/CVE-2019-12222
- https://www.suse.com/security/cve/CVE-2019-13616
- https://www.suse.com/security/cve/CVE-2019-5051
- https://www.suse.com/security/cve/CVE-2019-5052
- https://www.suse.com/security/cve/CVE-2019-5057
- https://www.suse.com/security/cve/CVE-2019-5058
- https://www.suse.com/security/cve/CVE-2019-5059
- https://www.suse.com/security/cve/CVE-2019-5060
Affected packages
SUSE:Package Hub 15 / SDL2_image
Package
- Name
- SDL2_image
- Purl
- pkg:rpm/suse/SDL2_image&distro=SUSE%20Package%20Hub%2015