SUSE Package Hub - openSUSE-2018-1467

Update Info

openSUSE-2018-1467

Security update for SDL2_image

Type: security

Severity: moderate

Issued: 2018-11-24

Description:

This update for SDL2_image fixes the following issues:

Security issues fixed:

- CVE-2018-3839: Fixed an exploitable code execution vulnerability that existed in the XCF image rendering functionality of the Simple DirectMedia Layer (bsc#1089087).
- CVE-2018-3977: Fixed a possible code execution via creafted XCF image that could have caused a heap overflow (bsc#1114519).

This update was imported from the openSUSE:Leap:15.0:Update update project.

References

CVE: CVE-2018-3977
CVE: CVE-2018-3839
Bugzilla: 1114519 VUL-0: CVE-2018-3977: SDL_image,SDL2_image: XCF image can cause a heap overflow, resulting in code execution
Bugzilla: 1089087 VUL-0: CVE-2018-3839: SDL_image,SDL2_image: An exploitable code execution vulnerability exists in the XCF image renderingfunctionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially craftedXCF image can cause an out-of-bounds write on the

Packages

SDL2_image-2.0.4-bp150.3.3.1