Description
Security update for SDL2, SDL2_image
This update for SDL2 and SDL2_image fixes the following issues:
- CVE-2017-14441: Code execution in the ICO image rendering (bsc#1084282).
- CVE-2017-14440: Potential code execution in the ILBM image rendering functionality (bsc#1084257).
- CVE-2017-12122: Potential code execution in the ILBM image rendering functionality (bsc#1084256).
- CVE-2017-14448: Heap buffer overflow in the XCF image rendering functionality (bsc#1084303).
- CVE-2017-14449: Double-free in the XCF image rendering (bsc#1084297).
- CVE-2017-14442: Stack buffer overflow in the BMP image rendering functionality (bsc#1084304).
- CVE-2017-14450: Buffer overflow in the GIF image parsing (bsc#1084288).
Bug fixes:
- boo#1025413: Add dbus-ime.diff and build with fcitx.
Package list
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2018:0734-1
- SUSE Security Ratings
Description
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
Affected products
References
- CVE-2017-12122
- SUSE Bug 1084256
- SUSE Bug 1084257
Description
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
Affected products
References
- CVE-2017-14440
- SUSE Bug 1084256
- SUSE Bug 1084257
Description
An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
Affected products
References
- CVE-2017-14441
- SUSE Bug 1084256
- SUSE Bug 1084282
Description
An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
Affected products
References
- CVE-2017-14442
- SUSE Bug 1084256
- SUSE Bug 1084304
Description
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
Affected products
References
- CVE-2017-14448
- SUSE Bug 1084256
- SUSE Bug 1084303
Description
A double-free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a double-free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability.
Affected products
References
- CVE-2017-14449
- SUSE Bug 1084256
- SUSE Bug 1084297
Description
A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability.
Affected products
References
- CVE-2017-14450
- SUSE Bug 1084256
- SUSE Bug 1084288