Bug 46959 - sdl-image1.2: Multiple issues (4.3)
sdl-image1.2: Multiple issues (4.3)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.3
All Linux
: P3 normal (vote)
: UCS 4.3-0-errata
Assigned To: Philipp Hahn
Arvid Requate
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-05-04 17:18 CEST by Quality Assurance
Modified: 2018-05-16 17:04 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) NVD


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2018-05-04 17:18:58 CEST
New Debian sdl-image1.2 1.2.12-5+deb9u1 fixes:
This update addresses the following issues:
* An exploitable information vulnerability exists in the XCF image rendering
  functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially
  crafted XCF image can cause an out-of-bounds read on the heap, resulting in
  information disclosure. An attacker can display a specially crafted image
  to trigger this vulnerability. (CVE-2018-3838)
* An exploitable code execution vulnerability exists in the XCF image
  rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A
  specially crafted XCF image can cause an out-of-bounds write on the heap,
  resulting in code execution. An attacker can display a specially crafted
  image to trigger this vulnerability. (CVE-2018-3839)
* An exploitable code execution vulnerability exists in the XCF image
  rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image
  can cause a heap overflow resulting in code execution. An attacker can
  display a specially crafted image to trigger this vulnerability.
  (CVE-2017-14448)
* An exploitable buffer overflow vulnerability exists in the XCF property
  handling functionality of SDL_image 2.0.1. A specially crafted xcf file can
  cause a stack-based buffer overflow resulting in potential code execution.
  An attacker can provide a specially crafted XCF file to trigger this
  vulnerability. (CVE-2017-2887)
* An exploitable information disclosure vulnerability exists in the PCX image
  rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A
  specially crafted PCX image can cause an out-of-bounds read on the heap,
  resulting in information disclosure . An attacker can display a specially
  crafted image to trigger this vulnerability. (CVE-2018-3837)
* An exploitable code execution vulnerability exists in the BMP image
  rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image
  can cause a stack overflow resulting in code execution. An attacker can
  display a specially crafted image to trigger this vulnerability.
  (CVE-2017-14442)
* An exploitable code execution vulnerability exists in the ICO image
  rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image
  can cause an integer overflow, cascading to a heap overflow resulting in
  code execution. An attacker can display a specially crafted image to
  trigger this vulnerability. (CVE-2017-14441)
* An exploitable code execution vulnerability exists in the ILBM image
  rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image
  can cause a stack overflow resulting in code execution. An attacker can
  display a specially crafted image to trigger this vulnerability.
  (CVE-2017-14440)
* A buffer overflow vulnerability exists in the GIF image parsing
  functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead
  to a buffer overflow on a global section. An attacker can display an image
  to trigger this vulnerability. (CVE-2017-14450)
* An exploitable code execution vulnerability exists in the ILBM image
  rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image
  can cause a heap overflow resulting in code execution. An attacker can
  display a specially crafted image to trigger this vulnerability.
  (CVE-2017-12122)

An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability.
An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
CVE-2017-14448
An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.
An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability.
CVE-2017-14442
CVE-2017-14441
CVE-2017-14440
CVE-2017-14450
CVE-2017-12122
Comment 1 Philipp Hahn univentionstaff 2018-05-04 17:19:50 CEST
[4.3-0] 54101afd30 Bug #46959: sdl-image1.2_1.2.12-5+deb9u1
 doc/errata/staging/sdl-image1.2.yaml | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comment 2 Quality Assurance univentionstaff 2018-05-04 17:20:43 CEST
--- mirror/ftp/4.3/unmaintained/4.3-0/source/sdl-image1.2_1.2.12-5.dsc
+++ apt/ucs_4.3-0-errata4.3-0/source/sdl-image1.2_1.2.12-5+deb9u1.dsc
@@ -1,3 +1,17 @@
+1.2.12-5+deb9u1 [Sun, 15 Apr 2018 17:54:38 +0200] Felix Geyer <fgeyer@debian.org>:
+
+  * Backport various security fixes:
+    - CVE-2017-2887
+    - CVE-2017-12122
+    - CVE-2017-14440
+    - CVE-2017-14441
+    - CVE-2017-14442
+    - CVE-2017-14448
+    - CVE-2017-14450
+    - CVE-2018-3837
+    - CVE-2018-3838
+    - CVE-2018-3839
+
 1.2.12-5 [Sun, 01 Sep 2013 13:03:02 +0200] Felix Geyer <fgeyer@debian.org>:
 
   * Really regenerate autoconf files. The upstream autogen.sh doesn't
Comment 3 Arvid Requate univentionstaff 2018-05-15 11:42:27 CEST
* No UCS specific patches
* Comparison to previously shipped version ok
* Binary package update Ok
* Advisory adjusted:
  b1b1d847c1 | Sort CVEs
Comment 4 Arvid Requate univentionstaff 2018-05-16 17:04:24 CEST
<http://errata.software-univention.de/ucs/4.3/72.html>