Security update for SDL_image, SDL2_image SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0490-1 Final 1 1 2018-02-20T12:28:55Z current 2018-02-20T12:28:55Z 2018-02-20T12:28:55Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for SDL_image, SDL2_image This update for SDL_image and SDL2_image fixes the following security issue: - CVE-2017-2887: A specially crafted file could have been used to cause a stack overflow resulting in potential code execution (bsc#1062777) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-02/msg00074.html E-Mail link for openSUSE-SU-2018:0490-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 SDL2_image-2.0.0-13.7.1 SDL_image-1.2.12-16.3.1 libSDL2_image-2_0-0-2.0.0-13.7.1 libSDL2_image-2_0-0-32bit-2.0.0-13.7.1 libSDL2_image-devel-2.0.0-13.7.1 libSDL2_image-devel-32bit-2.0.0-13.7.1 libSDL_image-1_2-0-1.2.12-16.3.1 libSDL_image-1_2-0-32bit-1.2.12-16.3.1 libSDL_image-devel-1.2.12-16.3.1 libSDL_image-devel-32bit-1.2.12-16.3.1 SDL2_image-2.0.0-13.7.1 as a component of openSUSE Leap 42.3 SDL_image-1.2.12-16.3.1 as a component of openSUSE Leap 42.3 libSDL2_image-2_0-0-2.0.0-13.7.1 as a component of openSUSE Leap 42.3 libSDL2_image-2_0-0-32bit-2.0.0-13.7.1 as a component of openSUSE Leap 42.3 libSDL2_image-devel-2.0.0-13.7.1 as a component of openSUSE Leap 42.3 libSDL2_image-devel-32bit-2.0.0-13.7.1 as a component of openSUSE Leap 42.3 libSDL_image-1_2-0-1.2.12-16.3.1 as a component of openSUSE Leap 42.3 libSDL_image-1_2-0-32bit-1.2.12-16.3.1 as a component of openSUSE Leap 42.3 libSDL_image-devel-1.2.12-16.3.1 as a component of openSUSE Leap 42.3 libSDL_image-devel-32bit-1.2.12-16.3.1 as a component of openSUSE Leap 42.3 An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability. CVE-2017-2887 openSUSE Leap 42.3:SDL2_image-2.0.0-13.7.1 openSUSE Leap 42.3:SDL_image-1.2.12-16.3.1 openSUSE Leap 42.3:libSDL2_image-2_0-0-2.0.0-13.7.1 openSUSE Leap 42.3:libSDL2_image-2_0-0-32bit-2.0.0-13.7.1 openSUSE Leap 42.3:libSDL2_image-devel-2.0.0-13.7.1 openSUSE Leap 42.3:libSDL2_image-devel-32bit-2.0.0-13.7.1 openSUSE Leap 42.3:libSDL_image-1_2-0-1.2.12-16.3.1 openSUSE Leap 42.3:libSDL_image-1_2-0-32bit-1.2.12-16.3.1 openSUSE Leap 42.3:libSDL_image-devel-1.2.12-16.3.1 openSUSE Leap 42.3:libSDL_image-devel-32bit-1.2.12-16.3.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00074.html https://www.suse.com/security/cve/CVE-2017-2887.html CVE-2017-2887 https://bugzilla.suse.com/1062777 SUSE Bug 1062777 https://bugzilla.suse.com/1062784 SUSE Bug 1062784