Debian LTS: DLA-1861-1: libsdl2-image security update

    Date: 22 Jul 2019
    Category: Debian LTS
    Posted By: LinuxSecurity Advisories
    
    Package        : libsdl2-image
    Version        : 2.0.0+dfsg-3+deb8u2
    CVE ID         : CVE-2018-3977 CVE-2019-5052 CVE-2019-7635 CVE-2019-12216 
                     CVE-2019-12217 CVE-2019-12218 CVE-2019-12219 CVE-2019-12220 
                     CVE-2019-12221 CVE-2019-12222
    Debian Bug     : 932754, 932755
    
    
    The following issues have been found in libsdl2-image, the image file loading
    library.
    
    CVE-2018-3977
    
        Heap buffer overflow in IMG_xcf.c. This vulnerability might be leveraged by
        remote attackers to cause remote code execution or denial of service via a
        crafted XCF file.
    
    CVE-2019-5052
    
        Integer overflow and subsequent buffer overflow in IMG_pcx.c. This
        vulnerability might be leveraged by remote attackers to cause remote code
        execution or denial of service via a crafted PCX file.
    
    CVE-2019-7635
    
        Heap buffer overflow affecting Blit1to4, in IMG_bmp.c. This vulnerability
        might be leveraged by remote attackers to cause denial of service or any
        other unspecified impact via a crafted BMP file.
    
    CVE-2019-12216,
    CVE-2019-12217,
    CVE-2019-12218,
    CVE-2019-12219,
    CVE-2019-12220,
    CVE-2019-12221,
    CVE-2019-12222
    
        Multiple out-of-bounds read and write accesses affecting IMG_LoadPCX_RW, in
        IMG_pcx.c. These vulnerabilities might be leveraged by remote attackers to
        cause denial of service or any other unspecified impact via a crafted PCX
        file.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    2.0.0+dfsg-3+deb8u2.
    
    We recommend that you upgrade your libsdl2-image packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    