Bug#912617: libsdl2-image: CVE-2018-3977: do_layer_surface code execution vulnerability
carnil at debian.org
Thu Nov 1 21:47:20 GMT 2018
Tags: patch security upstream
Justification: user security hole
Control: found -1 2.0.1+dfsg-1
Control: found -1 2.0.1+dfsg-2+deb9u1
Control: clone -1 -2
Control: retitle -2 sdl-image1.2: CVE-2018-3977: do_layer_surface code execution vulnerability
Control: reassign -2 src:sdl-image1.2 1.2.12-9
Control: found -2 1.2.12-5
Control: found -2 1.2.12-5+deb9u1
The following vulnerability was published for libsdl2-image.
| An exploitable code execution vulnerability exists in the XCF image
| rendering functionality of SDL2_image-2.0.3. A specially crafted XCF
| image can cause a heap overflow, resulting in code execution. An
| attacker can display a specially crafted image to trigger this
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
Please adjust the affected versions in the BTS as needed.
More information about the Pkg-sdl-maintainers