Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

SUSE Linux Enterprise 2018:3657-1 Moderate SDL_image Buffer Overflow

suse
Calendar Grey November 7, 2018
Dist Suse Esm H88
SUSE Security Patch: Critical updates addressing vulnerabilities in SDL_image that may lead to various execution threats.
An update that fixes 6 vulnerabilities is now available

Summary

This update for SDL_image fixes the following issues: - CVE-2017-14442: A specially crafted BMP image could have caused a stack overflow for an attacker that can display a specially crafted image (bsc#1084304). - CVE-2017-14450: A specially crafted GIF image could have caused a buffer overflow on a global section for an attacker that can display an image (bsc#1084288). - CVE-2017-12122: An exploitable code execution vulnerability exists in the ILBM image rendering functionality. A specially crafted ILBM image can cause a heap overflow resulting in code execution. (bsc#1084256). - CVE-2017-14440: An exploitable code execution vulnerability exists in the ILBM image rendering functionality. A specially crafted ILBM image can cause a stack overflow resulting in code execution. (bsc#1084257).

References

#1084256 #1084257 #1084288 #1084303 #1084304

#1089087

Cross- CVE-2017-12122 CVE-2017-14440 CVE-2017-14442

CVE-2017-14448 CVE-2017-14450 CVE-2018-3839

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2017-12122.html

https://www.suse.com/security/cve/CVE-2017-14440.html

https://www.suse.com/security/cve/CVE-2017-14442.html

https://www.suse.com/security/cve/CVE-2017-14448.html

https://www.suse.com/security/cve/CVE-2017-14450.html

https://www.suse.com/security/cve/CVE-2018-3839.html

https://bugzilla.suse.com/1084256

https://bugzilla.suse.com/1084257

https://bugzilla.suse.com/1084288

https://bugzilla.suse.com/1084303

Announcement ID: SUSE-SU-2018:3657-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.