{"id":"MGASA-2019-0364","summary":"Updated sdl2_image packages fix security vulnerabilities","details":"Updated sdl2_image packages fix security vulnerabilities:\n\nAn exploitable heap-based buffer overflow vulnerability exists when loading\na PCX file in SDL2_image, version 2.0.4. A missing error handler can lead\nto a buffer overflow and potential code execution. An attacker can provide\na specially crafted image file to trigger this vulnerability.\n(CVE-2019-5051)\n\nAn exploitable integer overflow vulnerability exists when loading a PCX\nfile in SDL2_image 2.0.4. A specially crafted file can cause an integer\noverflow, resulting in too little memory being allocated, which can lead\nto a buffer overflow and potential code execution. (CVE-2019-5052)\n\nAn exploitable code execution vulnerability exists in the PCX image\nrendering functionality of SDL2_image 2.0.4. A specially crafted PCX image\ncan cause a heap overflow, resulting in code execution. An attacker can\ndisplay a specially crafted image to trigger this vulnerability.\n(CVE-2019-5057)\n\nAn exploitable code execution vulnerability exists in the XCF image\nrendering functionality of SDL2_image 2.0.4. A specially crafted XCF\nimage can cause a heap overflow, resulting in code execution. \n(CVE-2019-5058)\n\nAn exploitable code execution vulnerability exists in the XPM image\nrendering functionality of SDL2_image 2.0.4. A specially crafted XPM image\ncan cause an integer overflow, allocating too small of a buffer. This\nbuffer can then be written out of bounds resulting in a heap overflow,\nultimately ending in code execution. (CVE-2019-5059)\n\nAn exploitable code execution vulnerability exists in the XPM image\nrendering function of SDL2_image 2.0.4. A specially crafted XPM image\ncan cause an integer overflow in the colorhash function, allocating too\nsmall of a buffer. This buffer can then be written out of bounds,\nresulting in a heap overflow, ultimately ending in code execution.\n(CVE-2019-5060)\n\nAn issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL)\n2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4.\nThere is a NULL pointer dereference in the SDL stdio_read function in\nfile/SDL_rwops.c. (CVE-2019-12217)\n\nAn issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL)\n2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4.\nThere is a NULL pointer dereference in the SDL2_image function\nIMG_LoadPCX_RW at IMG_pcx.c. (CVE-2019-12218)\n\nAn issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL)\n2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4.\nThere is an invalid free error in the SDL function SDL_SetError_REAL at\nSDL_error.c. (CVE-2019-12219)\n\nAn issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL)\n2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4.\nThere is an out-of-bounds read in the SDL function SDL_FreePalette_REAL\nat video/SDL_pixels.c. (CVE-2019-12220)\n\nAn issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL)\n2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4.\nThere is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.\n(CVE-2019-12221)\n\nAn issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL)\n2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap\nat video/SDL_pixels.c. (CVE-2019-12222)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has\na heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when\ncalled from SDL_SoftBlit in video/SDL_blit.c. (CVE-2019-13616)\n","modified":"2026-04-16T04:42:38.017599953Z","published":"2019-12-06T14:15:42Z","upstream":["CVE-2019-12217","CVE-2019-12218","CVE-2019-12219","CVE-2019-12220","CVE-2019-12221","CVE-2019-12222","CVE-2019-13616","CVE-2019-5051","CVE-2019-5052","CVE-2019-5057","CVE-2019-5058","CVE-2019-5059","CVE-2019-5060"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0364.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25767"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2019-09/msg00027.html"}],"affected":[{"package":{"name":"sdl2_image","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/sdl2_image?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.5-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0364.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}