Univention Bugzilla – Bug 50163
sdl-image1.2: Multiple issues (4.3)
Last modified: 2019-09-11 15:56:19 CEST
New Debian sdl-image1.2 1.2.12-5+deb9u2 fixes: This update addresses the following issues: * An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. (CVE-2018-3977) * An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. (CVE-2019-5051) * An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. (CVE-2019-5052) * An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. (CVE-2019-5057) * An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. (CVE-2019-5058) * heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635) * heap-based buffer overflow in function SDL2_image function IMG_LoadPCX_RW in IMG_pcx.c (CVE-2019-12216) * null-pointer dereference in function stdio_read in file/SDL_rwops.c (CVE-2019-12217) * null-pointer dereference in function IMG_LoadPCX_RW in IMG_pcx.c (CVE-2019-12218) * invalid free error in function SDL_SetError_REAL (CVE-2019-12219) * out-of-bounds read in function SDL_FreePalette_REAL in video/SDL_pixels.c (CVE-2019-12220) * null-pointer dereference in function SDL_free_REAL in stdlib/SDL_malloc.c (CVE-2019-12221) * out-of-bounds read in function SDL_InvalidateMap in video/SDL_pixels.c (CVE-2019-12222)
--- mirror/ftp/4.3/unmaintained/4.3-1/source/sdl-image1.2_1.2.12-5+deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-4/source/sdl-image1.2_1.2.12-5+deb9u2.dsc @@ -1,3 +1,15 @@ +1.2.12-5+deb9u2 [Thu, 29 Aug 2019 08:28:17 -0400] Hugo Lefeuvre <hle@debian.org>: + + * Non-maintainer upload. + * CVE-2018-3977, CVE-2019-5058: buffer overflow in do_layer_surface + (IMG_xcf.c) (Closes: #932755). + * CVE-2019-5052: integer overflow and subsequent buffer overflow in IMG_pcx.c. + * CVE-2019-7635: heap buffer overflow in Blit1to4 (IMG_bmp.c). + * CVE-2019-12216, CVE-2019-12217, + CVE-2019-12218, CVE-2019-12219, + CVE-2019-12220, CVE-2019-12221, + CVE-2019-12222, CVE-2019-5051: OOB R/W in IMG_LoadPCX_RW (IMG_pcx.c). + 1.2.12-5+deb9u1 [Sun, 15 Apr 2018 17:54:38 +0200] Felix Geyer <fgeyer@debian.org>: * Backport various security fixes: <http://10.200.17.11/4.3-4/#3227640538739662608>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-4] 76a7877fb6 Bug #50163: sdl-image1.2 1.2.12-5+deb9u2 doc/errata/staging/sdl-image1.2.yaml | 46 ++++++++++++++++-------------------- 1 file changed, 21 insertions(+), 25 deletions(-) [4.3-4] 264bfe2774 Bug #50163: sdl-image1.2 1.2.12-5+deb9u2 doc/errata/staging/sdl-image1.2.yaml | 63 ++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+)
<http://errata.software-univention.de/ucs/4.3/581.html>