Source: libsdl2-image Version: 2.0.1+dfsg-1 Severity: grave Tags: patch security upstream Control: clone -1 -2 Control: reassign -2 src:sdl-image1.2 Control: found -2 1.2.12-1 Control: retitle -2 sdl-image1.2: CVE-2017-2887: Incorrect XCF property handling
Hi, the following vulnerability was published for libsdl2-image. CVE-2017-2887[0]: | An exploitable buffer overflow vulnerability exists in the XCF | property handling functionality of SDL_image 2.0.1. A specially | crafted xcf file can cause a stack-based buffer overflow resulting in | potential code execution. An attacker can provide a specially crafted | XCF file to trigger this vulnerability. The same is found in sdl-image1.2 afaics, but please double check. I'm cloning this bug for the second source package. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-2887 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887 [1] https://hg.libsdl.org/SDL_image/rev/318484db0705 Please adjust the affected versions in the BTS as needed. Regards, Salvatore