mageia / Gentoo Foundation / MGASA-2017-0398
Nov 03, 2017 - 12:47 a.m.

Updated sdl2 packages fix security vulnerability

2017-11-03 00:47:07
advisories.mageia.org
EPSS: 0.006 (Low), percentile 78.3%

Yves Younan of Cisco Talos discovered an exploitable integer overflow vulnerability when creating a new RGB Surface in SDL 2.0.x before version 2.0.7. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability (CVE-2017-2888).
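
The failure mode described above, as an added illustration (not SDL's code and not part of the advisory): a simplified, hypothetical surface-size calculation done in 32-bit arithmetic, beside a version that checks the product before allocating. The function names, the 4-bytes-per-pixel limit, the `INT32_MAX` cap and the sample dimensions are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: byte count for a w x h surface in 32-bit arithmetic.
 * Unsigned multiplication wraps modulo 2^32, so a large image can yield a
 * small result and an undersized allocation. */
static uint32_t surface_bytes_unchecked(uint32_t w, uint32_t h, uint32_t bytes_pp)
{
    return w * h * bytes_pp;
}

/* Hardened variant: compute in 64 bits and reject anything above an assumed
 * cap before the value reaches an allocator. Returns 0 on success, -1 if the
 * dimensions are invalid or the size is too large. */
static int surface_bytes_checked(uint32_t w, uint32_t h, uint32_t bytes_pp,
                                 size_t *out)
{
    const uint64_t cap = INT32_MAX;   /* assumed upper bound for this example */

    if (w == 0 || h == 0 || bytes_pp == 0 || bytes_pp > 4)
        return -1;

    uint64_t pitch = (uint64_t)w * bytes_pp;   /* at most 2^34, no overflow */
    if (pitch > cap)
        return -1;

    uint64_t total = pitch * h;                /* below 2^63, no overflow */
    if (total > cap)
        return -1;

    *out = (size_t)total;
    return 0;
}

int main(void)
{
    /* Constructed dimensions, as they might be read from an image header. */
    uint32_t w = 0x4001, h = 0x10000, bytes_pp = 4;
    size_t n = 0;

    /* True size is 4,295,229,440 bytes; the 32-bit product wraps to 262,144. */
    printf("unchecked size: %u bytes\n",
           (unsigned)surface_bytes_unchecked(w, h, bytes_pp));
    printf("checked: %s\n",
           surface_bytes_checked(w, h, bytes_pp, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```
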