openSUSE Build Service

Security update for SDL_image

This update for SDL_image fixes the following issues:

Update SDL_Image to new snapshot 1.2.12+hg695.

Security issues fixed:

* TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421)
* TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763)
* TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764)
* TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image handling (boo#1143766)
* TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768)
* CVE-2019-7635: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (boo#1124827)
* CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file (boo#1141844).

Submitted by Jan Engelhardt (jengelh)

Fixed bugs

bnc#1143764

VUL-0: CVE-2019-5058: SDL2_image: heap overflow in XCF image rendering can lead to code execution

bnc#1141844

VUL-1: CVE-2019-13616: SDL,SDL2: through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

bnc#1143766

VUL-0: CVE-2019-5059: SDL2_image: heap overflow in XPM image

bnc#1143768

VUL-1: CVE-2019-5060: SDL2_image: integer overflow in the XPM image

bnc#1143763

VUL-0: CVE-2019-5057: SDL2_image: code execution vulnerability in the PCX image-rendering functionality of SDL2_image

bnc#1124827

VUL-1: CVE-2019-7635: SDL,SDL2: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c

bnc#1140421

VUL-0: CVE-2019-5052: SDL2_image: An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated

Places

Fixed bugs

Selected Binaries

Places