Overview

File _patchinfo of Package patchinfo.10935

<patchinfo incident="10935">
  <issue tracker="bnc" id="1143764">VUL-0: CVE-2019-5058: SDL2_image: heap overflow in XCF image rendering can lead to code execution</issue>
  <issue tracker="bnc" id="1141844">VUL-1: CVE-2019-13616: SDL,SDL2: through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.</issue>
  <issue tracker="bnc" id="1143766">VUL-0: CVE-2019-5059: SDL2_image:  heap overflow in  XPM image</issue>
  <issue tracker="bnc" id="1143768">VUL-1: CVE-2019-5060: SDL2_image: integer overflow in the XPM image</issue>
  <issue tracker="bnc" id="1143763">VUL-0: CVE-2019-5057: SDL2_image:  code execution vulnerability in the PCX image-rendering functionality of SDL2_image</issue>
  <issue tracker="bnc" id="1124827">VUL-1: CVE-2019-7635: SDL,SDL2: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c</issue>
  <issue tracker="bnc" id="1140421">VUL-0: CVE-2019-5052: SDL2_image: An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated</issue>
  <issue tracker="cve" id="2019-5060"/>
  <issue tracker="cve" id="2019-7635"/>
  <issue tracker="cve" id="2019-5058"/>
  <issue tracker="cve" id="2019-5059"/>
  <issue tracker="cve" id="2019-13616"/>
  <issue tracker="cve" id="2019-5057"/>
  <issue tracker="cve" id="2019-5052"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>jengelh</packager>
  <description>This update for SDL_image fixes the following issues:

Update SDL_Image to new snapshot 1.2.12+hg695.

Security issues fixed:

* TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421)
* TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763)
* TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764)
* TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image handling (boo#1143766)
* TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768)
* CVE-2019-7635: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (boo#1124827)
* CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file (boo#1141844).
</description>
  <summary>Security update for SDL_image</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places