Overview

File _patchinfo of Package patchinfo.9175

<patchinfo incident="9175">
  <issue tracker="bnc" id="1089087">VUL-0: CVE-2018-3839: SDL_image,SDL2_image: An exploitable code execution vulnerability exists in the XCF image renderingfunctionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially craftedXCF image can cause an out-of-bounds write on the</issue>
  <issue tracker="bnc" id="1114519">VUL-0: CVE-2018-3977: SDL_image,SDL2_image: XCF image can cause a heap overflow, resulting in code execution</issue>
  <issue tracker="cve" id="2018-3977"/>
  <issue tracker="cve" id="2018-3839"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>jengelh</packager>
  <description>This update for SDL2_image fixes the following issues:

Security issues fixed:

- CVE-2018-3839: Fixed an exploitable code execution vulnerability that existed in the XCF image rendering functionality of the Simple DirectMedia Layer (bsc#1089087).
- CVE-2018-3977: Fixed a possible code execution via creafted XCF image that could have caused a heap overflow (bsc#1114519).
</description>
  <summary>Security update for SDL2_image</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places