VDB

GCVE-110-MAGEIA-2018-454

GCVE-110-MAGEIA-2018-454
Advisory Published
Vulnetix · Advisory published November 17, 2018
This update fixes various security vulnerabilities affecting the SDL2_image library, listed below. The fixes are provided in SDL2_image 2.0.4, which depends on SDL2 2.0.8 or later. As such, the SDL2 and SDL2_mixer libraries are also updated to their current stable releases, providing various bug fixes and features. The security vulnerabilities fixed in this update are the following: An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. (TALOS-2017-0488, CVE-2017-12122) An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. (TALOS-2017-0489, CVE-2017-14440) An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. (TALOS-2017-0490, CVE-2017-14441) An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. (TALOS-2017-0491, CVE-2017-14442) An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. (TALOS-2017-0497, CVE-2017-14448) A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability. (TALOS-2017-0498, CVE-2017-14449) A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability. (TALOS-2017-0499, CVE-2017-14450) An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability. (TALOS-2018-0519, CVE-2018-3837) An exploitable information vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability. (TALOS-2018-0520, CVE-2018-3838) An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. (TALOS-2018-0521, CVE-2018-3839) An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. (TALOS-2018-0645, CVE-2018-3977)

Affected Products

VendorProductVersionsPlatforms
Mageiamingw-SDL2_mixer2.0.4-1.mga6 (unaffected), 0 (affected)
Mageiasdl22.0.9-1.mga6 (unaffected), 0 (affected)
Mageiasdl2_mixer0 (affected), 2.0.4-1.mga6 (unaffected)
Mageiasdl2_image0 (affected), 2.0.4-1.mga6 (unaffected)
Mageiamingw-SDL2_image0 (affected), 2.0.4-1.mga6 (unaffected)
Mageiamingw-SDL20 (affected), 2.0.9-1.mga6 (unaffected)

Browse GCVE Records

72,096 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›