Description
Security update for SDL_image, SDL2_image
This update for SDL_image and SDL2_image fixes the following security issue:
- CVE-2017-2887: A specially crafted file could have been used to cause a stack overflow resulting in potential code execution (bsc#1062777)
Package list
openSUSE Leap 42.3
SDL2_image-2.0.0-13.7.1
SDL_image-1.2.12-16.3.1
libSDL2_image-2_0-0-2.0.0-13.7.1
libSDL2_image-2_0-0-32bit-2.0.0-13.7.1
libSDL2_image-devel-2.0.0-13.7.1
libSDL2_image-devel-32bit-2.0.0-13.7.1
libSDL_image-1_2-0-1.2.12-16.3.1
libSDL_image-1_2-0-32bit-1.2.12-16.3.1
libSDL_image-devel-1.2.12-16.3.1
libSDL_image-devel-32bit-1.2.12-16.3.1
References
- E-Mail link for openSUSE-SU-2018:0490-1
- SUSE Security Ratings
Description
An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.
Affected products
openSUSE Leap 42.3:SDL2_image-2.0.0-13.7.1
openSUSE Leap 42.3:SDL_image-1.2.12-16.3.1
openSUSE Leap 42.3:libSDL2_image-2_0-0-2.0.0-13.7.1
openSUSE Leap 42.3:libSDL2_image-2_0-0-32bit-2.0.0-13.7.1
References
- CVE-2017-2887
- SUSE Bug 1062777
- SUSE Bug 1062784