Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-1861-1:9AFCC
HistoryJul 22, 2019 - 7:42 p.m.

[SECURITY] [DLA 1861-1] libsdl2-image security update

2019-07-2219:42:09
lists.debian.org
148

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

65.5%

JSON

Package : libsdl2-image
Version : 2.0.0+dfsg-3+deb8u2
CVE ID : CVE-2018-3977 CVE-2019-5052 CVE-2019-7635 CVE-2019-12216
CVE-2019-12217 CVE-2019-12218 CVE-2019-12219 CVE-2019-12220
CVE-2019-12221 CVE-2019-12222
Debian Bug : 932754, 932755

The following issues have been found in libsdl2-image, the image file loading
library.

CVE-2018-3977

Heap buffer overflow in IMG_xcf.c. This vulnerability might be leveraged by
remote attackers to cause remote code execution or denial of service via a
crafted XCF file.

CVE-2019-5052

Integer overflow and subsequent buffer overflow in IMG_pcx.c. This
vulnerability might be leveraged by remote attackers to cause remote code
execution or denial of service via a crafted PCX file.

CVE-2019-7635

Heap buffer overflow affecting Blit1to4, in IMG_bmp.c. This vulnerability
might be leveraged by remote attackers to cause denial of service or any
other unspecified impact via a crafted BMP file.

CVE-2019-12216,
CVE-2019-12217,
CVE-2019-12218,
CVE-2019-12219,
CVE-2019-12220,
CVE-2019-12221,
CVE-2019-12222

Multiple out-of-bound read and write accesses affecting IMG_LoadPCX_RW, in
IMG_pcx.c. These vulnerabilities might be leveraged by remote attackers to
cause denial of service or any other unspecified impact via a crafted PCX
file.

For Debian 8 "Jessie", these problems have been fixed in version
2.0.0+dfsg-3+deb8u2.

We recommend that you upgrade your libsdl2-image packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9mipsellibsdl2-image-dbg< 2.0.1+dfsg-2+deb9u2libsdl2-image-dbg_2.0.1+dfsg-2+deb9u2_mipsel.deb
Debian10armellibsdl-image1.2< 1.2.12-10+deb10u1libsdl-image1.2_1.2.12-10+deb10u1_armel.deb
Debian10arm64libsdl2-image-dev< 2.0.4+dfsg1-1+deb10u1libsdl2-image-dev_2.0.4+dfsg1-1+deb10u1_arm64.deb
Debian10amd64libsdl2-image-2.0-0-dbgsym< 2.0.4+dfsg1-1+deb10u1libsdl2-image-2.0-0-dbgsym_2.0.4+dfsg1-1+deb10u1_amd64.deb
Debian9amd64libsdl-image1.2-dbg< 1.2.12-5+deb9u2libsdl-image1.2-dbg_1.2.12-5+deb9u2_amd64.deb
Debian10allsdl-image1.2< 1.2.12-10+deb10u1sdl-image1.2_1.2.12-10+deb10u1_all.deb
Debian10ppc64ellibsdl2-image-dev< 2.0.4+dfsg1-1+deb10u1libsdl2-image-dev_2.0.4+dfsg1-1+deb10u1_ppc64el.deb
Debian9mipsellibsdl-image1.2< 1.2.12-5+deb9u2libsdl-image1.2_1.2.12-5+deb9u2_mipsel.deb
Debian9i386libsdl-image1.2-dbg< 1.2.12-5+deb9u2libsdl-image1.2-dbg_1.2.12-5+deb9u2_i386.deb
Debian10mipsellibsdl2-image-2.0-0< 2.0.4+dfsg1-1+deb10u1libsdl2-image-2.0-0_2.0.4+dfsg1-1+deb10u1_mipsel.deb
Rows per page:
1-10 of 1501

Related

nessus 47
fedora 11
osv 12
openvas 35
debian 6
ubuntu 3
mageia 4
ubuntucve 10
suse 10
redhatcve 9
prion 10
alpinelinux 6
debiancve 10
cve 10
veracode 1
talos 2
amazon 2
talosblog 1
freebsd 1
archlinux 1
gentoo 2
redhat 2
almalinux 1
centos 1
oraclelinux 2
nessus
nessus
Debian DLA-1861-1 : libsdl2-image security update
2019-07-23 00:00:00
Fedora 29 : SDL2_image (2019-a6bc0fb143)
2019-09-25 00:00:00
Debian DLA-1865-1 : sdl-image1.2 security update
2019-07-29 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: SDL2_image-2.0.5-2.fc29
2019-09-25 01:58:51
[SECURITY] Fedora 31 Update: mingw-SDL2-2.0.10-1.fc31
2020-02-08 02:05:04
[SECURITY] Fedora 28 Update: SDL2_image-2.0.4-1.fc28
2018-11-15 02:30:39
osv
osv
libsdl2-image - security update
2019-07-22 00:00:00
sdl-image1.2 - security update
2019-07-27 00:00:00
CVE-2019-12221
2019-05-20 17:29:17
openvas
openvas
Debian: Security Advisory (DLA-1865-1)
2019-07-28 00:00:00
Debian: Security Advisory (DLA-1861-1)
2019-07-23 00:00:00
Fedora Update for SDL2_image FEDORA-2019-a6bc0fb143
2019-09-26 00:00:00
debian
debian
[SECURITY] [DLA 1865-1] sdl-image1.2 security update
2019-07-27 18:30:14
[SECURITY] [DLA 2536-1] libsdl2 security update
2021-01-30 21:46:49
[SECURITY] [DLA 1714-2] libsdl2 regression update
2019-10-17 09:46:09
ubuntu
ubuntu
SDL_image vulnerabilities
2020-01-14 00:00:00
SDL 2.0 vulnerabilities
2019-09-30 00:00:00
SDL vulnerabilities
2019-10-16 00:00:00
mageia
mageia
Updated SDL_image packages fix security vulnerabilities
2019-12-06 17:15:42
Updated sdl2_image packages fix security vulnerabilities
2019-12-06 17:15:42
Updated sdl2/mingw-SDL2 packages fix security vulnerabilities
2018-11-18 01:23:26
ubuntucve
ubuntucve
CVE-2019-12219
2019-05-20 00:00:00
CVE-2019-12220
2019-05-20 00:00:00
CVE-2019-12217
2019-05-20 00:00:00
suse
suse
Security update for SDL2_image (moderate)
2019-09-10 00:00:00
Security update for SDL2_image (moderate)
2019-09-05 00:00:00
Security update for SDL_image (moderate)
2019-09-05 00:00:00
redhatcve
redhatcve
CVE-2019-12219
2019-07-23 05:54:18
CVE-2019-12217
2019-07-23 05:53:30
CVE-2019-12220
2019-07-23 05:53:03
prion
prion
Design/Logic Flaw
2019-05-20 17:29:00
Null pointer dereference
2019-05-20 17:29:00
Design/Logic Flaw
2019-05-20 17:29:00
alpinelinux
alpinelinux
CVE-2019-12217
2019-05-20 17:29:00
CVE-2019-12222
2019-05-20 17:29:00
CVE-2019-12221
2019-05-20 17:29:00
debiancve
debiancve
CVE-2019-12216
2019-05-20 17:29:00
CVE-2019-12220
2019-05-20 17:29:00
CVE-2019-12217
2019-05-20 17:29:00
cve
cve
CVE-2019-12220
2019-05-20 17:29:00
CVE-2019-12219
2019-05-20 17:29:00
CVE-2019-12217
2019-05-20 17:29:00
veracode
veracode
Heap-based Buffer Overflow
2020-10-01 03:53:23
talos
talos
Simple DirectMedia Layer SDL2_Image do_layer_surface code execution vulnerability
2018-10-31 00:00:00
Simple DirectMedia Layer SDL2_image IMG_LoadPCX_RW signed comparison code execution vulnerability
2019-07-02 00:00:00
amazon
amazon
Important: SDL2
2019-10-21 18:01:00
Medium: SDL
2020-10-22 17:17:00
talosblog
talosblog
Vulnerability Spotlight: Remote code execution vulnerabilities in Simple DirectMedia Layer
2019-07-02 10:09:40
freebsd
freebsd
SDL2_image -- multiple vulnerabilities
2019-07-02 00:00:00
archlinux
archlinux
[ASA-201908-5] sdl2: arbitrary code execution
2019-08-05 00:00:00
gentoo
gentoo
SDL2_Image: Multiple vulnerabilities
2019-03-28 00:00:00
Simple DirectMedia Layer: Multiple vulnerabilities
2019-09-08 00:00:00
redhat
redhat
(RHSA-2020:4627) Moderate: SDL security update
2020-11-03 12:21:34
(RHSA-2020:3868) Moderate: SDL security update
2020-09-29 07:39:03
almalinux
almalinux
Moderate: SDL security update
2020-11-03 12:21:34
centos
centos
SDL security update
2020-10-20 18:56:35
oraclelinux
oraclelinux
SDL security update
2020-10-06 00:00:00
SDL security update
2020-11-10 00:00:00

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

65.5%

JSON
Related for DEBIAN:DLA-1861-1:9AFCC
nessus47fedora11osv12openvas35debian6ubuntu3mageia4ubuntucve10suse10redhatcve9prion10alpinelinux6debiancve10cve10veracode1talos2amazon2talosblog1freebsd1archlinux1gentoo2redhat2almalinux1centos1oraclelinux2