Bug 50143 - sdl-image1.2: Multiple issues (4.4)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.4
All Linux
: P3 normal
: UCS 4.4-1-errata
Assigned To: Quality Assurance
Philipp Hahn
Reported: 2019-09-09 15:25 CEST by Quality Assurance
Modified: 2019-09-11 15:25 CEST
What kind of report is it?: Security Issue
Max CVSS v3 score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)


Description Quality Assurance univentionstaff 2019-09-09 15:25:11 CEST
New Debian sdl-image1.2 1.2.12-5+deb9u2 fixes:
This update addresses the following issues:
* An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. (CVE-2018-3977)
* An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. (CVE-2019-5051)
* An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. (CVE-2019-5052)
* An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. (CVE-2019-5057)
* An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. (CVE-2019-5058)
* heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635)
* heap-based buffer overflow in function SDL2_image function IMG_LoadPCX_RW in IMG_pcx.c (CVE-2019-12216)
* null-pointer dereference in function stdio_read in file/SDL_rwops.c (CVE-2019-12217)
* null-pointer dereference in function IMG_LoadPCX_RW in IMG_pcx.c (CVE-2019-12218)
* invalid free error in function SDL_SetError_REAL (CVE-2019-12219)
* out-of-bounds read in function SDL_FreePalette_REAL in video/SDL_pixels.c (CVE-2019-12220)
* null-pointer dereference in function SDL_free_REAL in stdlib/SDL_malloc.c (CVE-2019-12221)
* out-of-bounds read in function SDL_InvalidateMap in video/SDL_pixels.c (CVE-2019-12222)
Comment 1 Quality Assurance univentionstaff 2019-09-09 16:01:29 CEST
--- mirror/ftp/4.3/unmaintained/4.3-1/source/sdl-image1.2_1.2.12-5+deb9u1.dsc
+++ apt/ucs_4.4-0-errata4.4-1/source/sdl-image1.2_1.2.12-5+deb9u2.dsc
@@ -1,3 +1,15 @@
+1.2.12-5+deb9u2 [Thu, 29 Aug 2019 08:28:17 -0400] Hugo Lefeuvre <hle@debian.org>:
+
+  * Non-maintainer upload.
+  * CVE-2018-3977, CVE-2019-5058: buffer overflow in do_layer_surface
+    (IMG_xcf.c) (Closes: #932755).
+  * CVE-2019-5052: integer overflow and subsequent buffer overflow in IMG_pcx.c.
+  * CVE-2019-7635: heap buffer overflow in Blit1to4 (IMG_bmp.c).
+  * CVE-2019-12216, CVE-2019-12217,
+    CVE-2019-12218, CVE-2019-12219,
+    CVE-2019-12220, CVE-2019-12221,
+    CVE-2019-12222, CVE-2019-5051: OOB R/W in IMG_LoadPCX_RW (IMG_pcx.c).
+
 1.2.12-5+deb9u1 [Sun, 15 Apr 2018 17:54:38 +0200] Felix Geyer <fgeyer@debian.org>:
 
   * Backport various security fixes:
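
Review bot: CVE-2019-5057 is named in this bug's description but is absent from the added 1.2.12-5+deb9u2 entry, whose PCX lines list CVE-2019-5051, CVE-2019-5052 and CVE-2019-12216 through CVE-2019-12222 only. Confirm that one of the IMG_pcx.c fixes covers it before the errata text claims it, or drop it from the errata CVE list. The CVE-2019-7635 line also differs from the description: the changelog says "heap buffer overflow in Blit1to4 (IMG_bmp.c)", while the description says a heap-based buffer over-read in video/SDL_blit_1.c. The errata wording should state which file this package actually changes.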

<http://10.200.17.11/4.4-1/#3227640538739662608>
Comment 2 Philipp Hahn univentionstaff 2019-09-10 12:26:40 CEST
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-1] c8177553a2 Bug #50143: sdl-image1.2 1.2.12-5+deb9u2
 doc/errata/staging/sdl-image1.2.yaml | 46 ++++++++++++++++--------------------
 1 file changed, 21 insertions(+), 25 deletions(-)

[4.4-1] f64692950e Bug #50143: sdl-image1.2 1.2.12-5+deb9u2
 doc/errata/staging/sdl-image1.2.yaml | 63 ++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
Comment 3 Erik Damrose univentionstaff 2019-09-11 15:25:38 CEST
<http://errata.software-univention.de/ucs/4.4/262.html>