{"id":"MGASA-2017-0398","summary":"Updated sdl2 packages fix security vulnerability","details":"Yves Younan of Cisco Talos discovered an exploitable integer overflow\nvulnerability when creating a new RGB Surface in SDL 2.0.x before\nversion 2.0.7. A specially crafted file can cause an integer overflow\nresulting in too little memory being allocated which can lead to a\nbuffer overflow and potential code execution. An attacker can provide a\nspecially crafted image file to trigger this vulnerability\n(CVE-2017-2888).\n","modified":"2026-04-16T06:22:35.613660015Z","published":"2017-11-02T21:47:07Z","upstream":["CVE-2017-2888"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0398.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21882"},{"type":"WEB","url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395"},{"type":"WEB","url":"http://hg.libsdl.org/SDL/rev/7e0f1498ddb5"},{"type":"WEB","url":"http://hg.libsdl.org/SDL/rev/81a4950907a0"}],"affected":[{"package":{"name":"sdl2","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/sdl2?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.3-4.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0398.json"}},{"package":{"name":"sdl2","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/sdl2?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.5-2.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0398.json"}},{"package":{"name":"mingw-SDL2","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/mingw-SDL2?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.5-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0398.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}