UbuntuUpdates.org

Package "sdl-image1.2"

Name: sdl-image1.2

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • Image loading library for Simple DirectMedia Layer 1.2, libraries
  • Image loading library for Simple DirectMedia Layer 1.2, debugging
  • Image loading library for Simple DirectMedia Layer 1.2, development files

Latest version: 1.2.12-5+deb9u1ubuntu0.16.04.1
Release: xenial (16.04)
Level: updates
Repository: universe

Other versions of "sdl-image1.2" in Xenial

Repository  Area      Version
base        universe  1.2.12-5build2
security    universe  1.2.12-5+deb9u1ubuntu0.16.04.1

Changelog

Version: 1.2.12-5+deb9u1ubuntu0.16.04.1 2020-01-14 16:06:39 UTC

  sdl-image1.2 (1.2.12-5+deb9u1ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Arbitrary code execution in the XCF image rendering
    - debian/patches/CVE-2018-3977.patch: Fix potential buffer overflow on
      corrupt or maliciously-crafted XCF file.
    - CVE-2018-3977
  * SECURITY UPDATE: Buffer overflows in IMG_pcx.c
    - debian/patches/IMG_pcx-out-of-bounds.patch: fix multiple OOB issues in
      IMG_pcx.c
    - CVE-2019-5051
    - CVE-2019-12217
    - CVE-2019-12219
    - CVE-2019-12220
    - CVE-2019-12221
    - CVE-2019-12222
  * SECURITY UPDATE: Integer overflow when loading a PCX file
    - debian/patches/CVE-2019-5052.patch: Fix invalid data read on bpl == -1.
    - CVE-2019-5052
  * SECURITY UPDATE: Heap-based buffer over-read in Blit1to4()
    - debian/patches/CVE-2019-7635.patch: fix Heap-Buffer Overflow in
      Blit1to4().
    - CVE-2019-7635
  * SECURITY UPDATE: Heap buffer overflow in IMG_pcx.c
    - debian/patches/CVE-2019-12218.patch: fix heap buffer overflow issue in
      IMG_pcx.c
    - CVE-2019-12218
    - CVE-2019-12216
  * SECURITY UPDATE: Heap-based buffer over-read in BlitNtoN()
    - debian/patches/CVE-2019-13616.patch: validate image size when loading
      BMP files.
    - CVE-2019-13616

 -- Eduardo Barretto <email address hidden> Fri, 10 Jan 2020 15:38:38 -0300

CVE-2018-3977 An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can ca
CVE-2019-5051 An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead
CVE-2019-12217 An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There
CVE-2019-12219 An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There
CVE-2019-12220 An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There
CVE-2019-12221 An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There
CVE-2019-12222 An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at vid
CVE-2019-5052 An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overf
CVE-2019-7635 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
CVE-2019-12218 An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There
CVE-2019-12216 An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There
CVE-2019-13616 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called f

Version: 1.2.12-5+deb9u1build0.16.04.1 2018-04-30 21:06:57 UTC

  sdl-image1.2 (1.2.12-5+deb9u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian



