-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : libsdl2-image Version : 2.0.0+dfsg-3+deb8u2 CVE ID : CVE-2018-3977 CVE-2019-5052 CVE-2019-7635 CVE-2019-12216 CVE-2019-12217 CVE-2019-12218 CVE-2019-12219 CVE-2019-12220 CVE-2019-12221 CVE-2019-12222 Debian Bug : 932754, 932755
The following issues have been found in libsdl2-image, the image file loading library. CVE-2018-3977 Heap buffer overflow in IMG_xcf.c. This vulnerability might be leveraged by remote attackers to cause remote code execution or denial of service via a crafted XCF file. CVE-2019-5052 Integer overflow and subsequent buffer overflow in IMG_pcx.c. This vulnerability might be leveraged by remote attackers to cause remote code execution or denial of service via a crafted PCX file. CVE-2019-7635 Heap buffer overflow affecting Blit1to4, in IMG_bmp.c. This vulnerability might be leveraged by remote attackers to cause denial of service or any other unspecified impact via a crafted BMP file. CVE-2019-12216, CVE-2019-12217, CVE-2019-12218, CVE-2019-12219, CVE-2019-12220, CVE-2019-12221, CVE-2019-12222 Multiple out-of-bound read and write accesses affecting IMG_LoadPCX_RW, in IMG_pcx.c. These vulnerabilities might be leveraged by remote attackers to cause denial of service or any other unspecified impact via a crafted PCX file. For Debian 8 "Jessie", these problems have been fixed in version 2.0.0+dfsg-3+deb8u2. We recommend that you upgrade your libsdl2-image packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQGzBAEBCgAdFiEEeDb9QWtkMa2LX4zREeMFjl5EGkIFAl02EU0ACgkQEeMFjl5E GkLZ+Av/Syo6qR4z18viJ7PSsczhO2eZQP4uk3BbtqSc2nfRTmU84gvaQscFtuSO L3BDgTgnzeN4CVZuzZAPuLQknav37nHQ/wzjrzGqCjqYh1zruZgwcZXPtyXjAjBp O31bKpbwJ6H1szKanCOZ0JOUpDAdWQ9q5zvktw/f1HGcFPHOum/1fDyUnghG9h/V 9L+8Fh12Kx2yifExw6gFRaAVEUftUnibr0iff8XUZFul4b4hB6N01yrkEXgRaZZH VoRXU32y0gpkbkOhuGq05mkY+Ds0o8/xG59yvqmLNQ75zcdFjfkQrwddmo/huciH v2TvBe4AssPrDamxoPl8N0VikFPo9D3Z+XGExAVNgy+59JO8Da18vUbUGze6hNHh Z28YDU/u0dNzsElnP87HCsZ/nDeaxRaPR6jH/qMEPKrVEPulS71vE+dX7BqrSoFD qx0A4SOOl56FxeFudNQv3jGsivsCdlAQKh2L8jmvrHrCv4Vs4Vg7QRZ2BjDhRtXo qEyQJQyC =79YB -----END PGP SIGNATURE-----