libSDL2_image-2_0-0-2.0.5-1.14 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10608 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libSDL2_image-2_0-0-2.0.5-1.14 on GA media These are all security issues fixed in the libSDL2_image-2_0-0-2.0.5-1.14 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10608 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10608 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-12122/ SUSE CVE CVE-2017-12122 page https://www.suse.com/security/cve/CVE-2017-14440/ SUSE CVE CVE-2017-14440 page https://www.suse.com/security/cve/CVE-2017-14441/ SUSE CVE CVE-2017-14441 page https://www.suse.com/security/cve/CVE-2017-14442/ SUSE CVE CVE-2017-14442 page https://www.suse.com/security/cve/CVE-2017-14448/ SUSE CVE CVE-2017-14448 page https://www.suse.com/security/cve/CVE-2017-14449/ SUSE CVE CVE-2017-14449 page https://www.suse.com/security/cve/CVE-2017-14450/ SUSE CVE CVE-2017-14450 page https://www.suse.com/security/cve/CVE-2017-2887/ SUSE CVE CVE-2017-2887 page https://www.suse.com/security/cve/CVE-2018-3839/ SUSE CVE CVE-2018-3839 page https://www.suse.com/security/cve/CVE-2018-3977/ SUSE CVE CVE-2018-3977 page https://www.suse.com/security/cve/CVE-2019-12217/ SUSE CVE CVE-2019-12217 page https://www.suse.com/security/cve/CVE-2019-12218/ SUSE CVE CVE-2019-12218 page https://www.suse.com/security/cve/CVE-2019-12220/ SUSE CVE CVE-2019-12220 page https://www.suse.com/security/cve/CVE-2019-12221/ SUSE CVE CVE-2019-12221 page https://www.suse.com/security/cve/CVE-2019-12222/ SUSE CVE CVE-2019-12222 page https://www.suse.com/security/cve/CVE-2019-13616/ SUSE CVE CVE-2019-13616 page https://www.suse.com/security/cve/CVE-2019-5051/ SUSE CVE CVE-2019-5051 page https://www.suse.com/security/cve/CVE-2019-5052/ SUSE CVE CVE-2019-5052 page https://www.suse.com/security/cve/CVE-2019-5057/ SUSE CVE CVE-2019-5057 page https://www.suse.com/security/cve/CVE-2019-5058/ SUSE CVE CVE-2019-5058 page https://www.suse.com/security/cve/CVE-2019-5059/ SUSE CVE CVE-2019-5059 page https://www.suse.com/security/cve/CVE-2019-5060/ SUSE CVE CVE-2019-5060 page openSUSE Tumbleweed libSDL2_image-2_0-0-2.0.5-1.14 libSDL2_image-2_0-0-32bit-2.0.5-1.14 libSDL2_image-devel-2.0.5-1.14 libSDL2_image-devel-32bit-2.0.5-1.14 libSDL2_image-2_0-0-2.0.5-1.14 as a component of openSUSE Tumbleweed libSDL2_image-2_0-0-32bit-2.0.5-1.14 as a component of openSUSE Tumbleweed libSDL2_image-devel-2.0.5-1.14 as a component of openSUSE Tumbleweed libSDL2_image-devel-32bit-2.0.5-1.14 as a component of openSUSE Tumbleweed An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2017-12122 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-12122.html CVE-2017-12122 https://bugzilla.suse.com/1084256 SUSE Bug 1084256 https://bugzilla.suse.com/1084257 SUSE Bug 1084257 An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2017-14440 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14440.html CVE-2017-14440 https://bugzilla.suse.com/1084256 SUSE Bug 1084256 https://bugzilla.suse.com/1084257 SUSE Bug 1084257 An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2017-14441 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14441.html CVE-2017-14441 https://bugzilla.suse.com/1084256 SUSE Bug 1084256 https://bugzilla.suse.com/1084282 SUSE Bug 1084282 An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2017-14442 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14442.html CVE-2017-14442 https://bugzilla.suse.com/1084256 SUSE Bug 1084256 https://bugzilla.suse.com/1084304 SUSE Bug 1084304 An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2017-14448 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14448.html CVE-2017-14448 https://bugzilla.suse.com/1084256 SUSE Bug 1084256 https://bugzilla.suse.com/1084303 SUSE Bug 1084303 A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2017-14449 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14449.html CVE-2017-14449 https://bugzilla.suse.com/1084256 SUSE Bug 1084256 https://bugzilla.suse.com/1084297 SUSE Bug 1084297 A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability. CVE-2017-14450 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14450.html CVE-2017-14450 https://bugzilla.suse.com/1084256 SUSE Bug 1084256 https://bugzilla.suse.com/1084288 SUSE Bug 1084288 An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability. CVE-2017-2887 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-2887.html CVE-2017-2887 https://bugzilla.suse.com/1062777 SUSE Bug 1062777 https://bugzilla.suse.com/1062784 SUSE Bug 1062784 An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2018-3839 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3839.html CVE-2018-3839 https://bugzilla.suse.com/1089087 SUSE Bug 1089087 An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2018-3977 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3977.html CVE-2018-3977 https://bugzilla.suse.com/1114519 SUSE Bug 1114519 An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c. CVE-2019-12217 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-12217.html CVE-2019-12217 https://bugzilla.suse.com/1135787 SUSE Bug 1135787 An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. CVE-2019-12218 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-12218.html CVE-2019-12218 https://bugzilla.suse.com/1135789 SUSE Bug 1135789 An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c. CVE-2019-12220 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-12220.html CVE-2019-12220 https://bugzilla.suse.com/1135806 SUSE Bug 1135806 An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. CVE-2019-12221 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-12221.html CVE-2019-12221 https://bugzilla.suse.com/1135796 SUSE Bug 1135796 An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c. CVE-2019-12222 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-12222.html CVE-2019-12222 https://bugzilla.suse.com/1136101 SUSE Bug 1136101 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. CVE-2019-13616 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13616.html CVE-2019-13616 https://bugzilla.suse.com/1141844 SUSE Bug 1141844 An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. CVE-2019-5051 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5051.html CVE-2019-5051 https://bugzilla.suse.com/1140419 SUSE Bug 1140419 An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. CVE-2019-5052 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5052.html CVE-2019-5052 https://bugzilla.suse.com/1140421 SUSE Bug 1140421 An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2019-5057 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5057.html CVE-2019-5057 https://bugzilla.suse.com/1143763 SUSE Bug 1143763 An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2019-5058 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5058.html CVE-2019-5058 https://bugzilla.suse.com/1143764 SUSE Bug 1143764 An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2019-5059 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5059.html CVE-2019-5059 https://bugzilla.suse.com/1143766 SUSE Bug 1143766 An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2019-5060 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5060.html CVE-2019-5060 https://bugzilla.suse.com/1143768 SUSE Bug 1143768