
43 matches found

Fedora
added 2026/05/19 1:43 a.m., 15 views

[SECURITY] Fedora 42 Update: SDL2_image-2.8.12-1.fc42

Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This package contains a simple library for loading images of various formats (BMP, PPM, PCX, GIF, JPEG, PNG) as SDL surfaces...

7.1 CVSS, 5.9 AI score, 0.00012 EPSS
Exploits 0

Fedora
added 2026/05/19 1:33 a.m., 9 views

[SECURITY] Fedora 43 Update: SDL2_image-2.8.12-1.fc43

Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This package contains a simple library for loading images of various formats (BMP, PPM, PCX, GIF, JPEG, PNG) as SDL surfaces...

7.1 CVSS, 5.9 AI score, 0.00012 EPSS
Exploits 0

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in sdl-image1.2

There is an exploitable code execution vulnerability in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating a buffer that is too small. This buffer can then be written beyond its boundaries, leading to a heap overflow a...

8.8 CVSS, 7.8 AI score, 0.00968 EPSS
Exploits 0, References 1

Tenable Nessus
added 2026/04/07 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2026-35444

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface in src/IMG_xcf.c, pixel index values from decoded XCF tile data are us...

7.1 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits 0, References 3

OSV
added 2026/04/06 10:16 p.m., 0 views

DEBIAN-CVE-2026-35444

SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cm_num. A crafted .xcf file with a small colormap and...

6.1 CVSS, 5.4 AI score, 0.00012 EPSS
Exploits 0, References 1

Vulnrichment
added 2026/04/06 9:44 p.m., 0 views

CVE-2026-35444 SDL_image has a heap buffer overflow READ via unchecked colormap index in XCF loader

SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cm_num. A crafted .xcf file with a small colormap and...

7.1 CVSS, 5.9 AI score, 0.00012 EPSS
Exploits 0, References 1

CVE
added 2026/04/06 9:44 p.m., 67 views

CVE-2026-35444

The CVE-2026-35444 issue affects SDL_image’s XCF loader (src/IMG_xcf.c). In do_layer_surface(), pixel indices from decoded XCF tile data are used directly as colormap indices without validating against cm_num, enabling heap out-of-bounds reads (up to 762 bytes past the colormap allocation) for bo...

7.1 CVSS, 5.9 AI score, 0.00012 EPSS
Exploits 0, References 1, Affected Software 1

AlpineLinux
added 2026/04/06 9:44 p.m., 0 views

CVE-2026-35444

SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cm_num. A crafted .xcf file with a small colormap and...

7.1 CVSS, 5.7 AI score, 0.00012 EPSS
Exploits 0, References 1

Tenable Nessus
added 2025/08/25 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-5058

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap...

8.8 CVSS, 8.4 AI score, 0.00968 EPSS
Exploits 0, References 2

SUSE CVE
added 2023/02/15 4:52 a.m., 2 views

SUSE CVE-2017-2887

An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this...

7.8 CVSS, 8 AI score, 0.01656 EPSS
Exploits 1, References 4

SUSE CVE
added 2023/02/15 4:39 a.m., 1 views

SUSE CVE-2017-14441

An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this...

6.3 CVSS, 9.1 AI score, 0.0132 EPSS
Exploits 0, References 5

SUSE CVE
added 2023/02/15 4:39 a.m., 1 views

SUSE CVE-2017-14442

An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability...

6.3 CVSS, 9 AI score, 0.01548 EPSS
Exploits 0, References 6

SUSE CVE
added 2023/02/15 4:39 a.m., 1 views

SUSE CVE-2017-14449

A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability...

8.8 CVSS, 7.9 AI score, 0.00639 EPSS
Exploits 0, References 5

SUSE CVE
added 2023/02/15 4:17 a.m., 1 views

SUSE CVE-2019-5052

An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a...

8.8 CVSS, 9.2 AI score, 0.01512 EPSS
Exploits 1, References 7

SUSE CVE
added 2023/02/15 4:11 a.m., 1 views

SUSE CVE-2019-12216

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c...

6.5 CVSS, 7.7 AI score, 0.00977 EPSS
Exploits 1, References 3

NVD
added 2020/05/15 6:15 p.m., 11 views

CVE-2019-19721

An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product...

7.8 CVSS, 7.3 AI score, 0.01303 EPSS
Exploits 1, References 4

OSV
added 2020/05/15 6:15 p.m., 2 views

DEBIAN-CVE-2019-19721

An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product...

7.8 CVSS, 8 AI score, 0.01303 EPSS
Exploits 1, References 1

OSV
added 2019/09/10 2:20 p.m., 5 views

OPENSUSE-SU-2019:2109-1 Security update for SDL_image

This update for SDL_image fixes the following issues: Update SDL_Image to new snapshot 1.2.12+hg695. Security issues fixed: TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file boo1140421 TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the...

8.8 CVSS, 8.8 AI score, 0.08938 EPSS
Exploits 4, References 15

OSV
added 2019/09/05 8:23 a.m., 7 views

OPENSUSE-SU-2019:2071-1 Security update for SDL_image

This update for SDL_image fixes the following issues: Update SDL_Image to new snapshot 1.2.12+hg695. Security issues fixed: TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file boo1140421 TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the...

8.8 CVSS, 8.8 AI score, 0.08938 EPSS
Exploits 4, References 15

Snyk
added 2019/07/31 5:15 p.m., 1 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write. An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This...

8.8 CVSS, 8.1 AI score, 0.00968 EPSS
Exploits 0, References 3