openSUSE-SU-2018:3828-1

Published: 20 Nov 2018
Source: suse-cvrf

Description

Security update for SDL2_image

This update for SDL2_image fixes the following issues:

Security issues fixed:

  • CVE-2018-3839: Fixed an exploitable code execution vulnerability that existed in the XCF image rendering functionality of the Simple DirectMedia Layer (bsc#1089087).
  • CVE-2018-3977: Fixed a possible code execution via a crafted XCF image that could have caused a heap overflow (bsc#1114519).

Package list

openSUSE Leap 42.3
SDL2_image-2.0.4-13.13.1
libSDL2_image-2_0-0-2.0.4-13.13.1
libSDL2_image-2_0-0-32bit-2.0.4-13.13.1
libSDL2_image-devel-2.0.4-13.13.1
libSDL2_image-devel-32bit-2.0.4-13.13.1

Description

An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.


Affected products
openSUSE Leap 42.3:SDL2_image-2.0.4-13.13.1
openSUSE Leap 42.3:libSDL2_image-2_0-0-2.0.4-13.13.1
openSUSE Leap 42.3:libSDL2_image-2_0-0-32bit-2.0.4-13.13.1
openSUSE Leap 42.3:libSDL2_image-devel-2.0.4-13.13.1

References

Description

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.


Affected products
openSUSE Leap 42.3:SDL2_image-2.0.4-13.13.1
openSUSE Leap 42.3:libSDL2_image-2_0-0-2.0.4-13.13.1
openSUSE Leap 42.3:libSDL2_image-2_0-0-32bit-2.0.4-13.13.1
openSUSE Leap 42.3:libSDL2_image-devel-2.0.4-13.13.1

References
Vulnerability openSUSE-SU-2018:3828-1