sdl_image -- buffer overflow vulnerabilities

ID B1BCAB7D-1880-11DD-A914-0016179B2DD5
Type freebsd
Reporter FreeBSD
Modified 2008-01-24T00:00:00


Secunia reports:

Two vulnerabilities have been reported in SDL_image, which can be exploited by malicious people to cause a Denial of Service or potentially compromise an application using the library. A boundary error within the LWZReadByte() function in IMG_gif.c can be exploited to trigger the overflow of a static buffer via a specially crafted GIF file. A boundary error within the "IMG_LoadLBM_RW()" function in IMG_lbm.c can be exploited to cause a heap-based buffer overflow via a specially crafted IFF ILBM file.