projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f266545) | patch
sdl2_image: security bump to version 2.0.3
authorPeter Korsgaard <peter@korsgaard.com>
Mon, 30 Apr 2018 12:04:59 +0000 (14:04 +0200)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Mon, 30 Apr 2018 15:38:32 +0000 (17:38 +0200)
commit5fb8fbbb3e776a186731ae929244a82ea2db1878
tree5231c6e33090582c4c5ac64f4fe5a9489f6516cdtree
parentf26654596ecfe40963cb51ba939c00de458fa82ecommit | diff
sdl2_image: security bump to version 2.0.3

Fixes the following security issues:

CVE-2017-12122: An exploitable code execution vulnerability exists in the
ILBM image rendering functionality of SDL2_image-2.0.2.  A specially crafted
ILBM image can cause a heap overflow resulting in code execution.  An
attacker can display a specially crafted image to trigger this
vulnerability.

CVE-2017-14440: An exploitable code execution vulnerability exists in the
ILBM image rendering functionality of SDL2_image-2.0.2.  A specially crafted
ILBM image can cause a stack overflow resulting in code execution.  An
attacker can display a specially crafted image to trigger this
vulnerability.

CVE-2017-14441: An exploitable code execution vulnerability exists in the
ICO image rendering functionality of SDL2_image-2.0.2.  A specially crafted
ICO image can cause an integer overflow, cascading to a heap overflow
resulting in code execution.  An attacker can display a specially crafted
image to trigger this vulnerability.

CVE-2017-14442: An exploitable code execution vulnerability exists in the
BMP image rendering functionality of SDL2_image-2.0.2.  A specially crafted
BMP image can cause a stack overflow resulting in code execution.  An
attacker can display a specially crafted image to trigger this
vulnerability.

CVE-2017-14448: An exploitable code execution vulnerability exists in the
XCF image rendering functionality of SDL2_image-2.0.2.  A specially crafted
XCF image can cause a heap overflow resulting in code execution.  An
attacker can display a specially crafted image to trigger this
vulnerability.

CVE-2017-14449: A double-Free vulnerability exists in the XCF image
rendering functionality of SDL2_image-2.0.2.  A specially crafted XCF image
can cause a Double-Free situation to occur.  An attacker can display a
specially crafted image to trigger this vulnerability.

CVE-2017-14450: A buffer overflow vulnerability exists in the GIF image
parsing functionality of SDL2_image-2.0.2.  A specially crafted GIF image
can lead to a buffer overflow on a global section.  An attacker can display
an image to trigger this vulnerability.

For details, see the announcement:

https://discourse.libsdl.org/t/sdl-image-2-0-3-released/23958

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/sdl2_image/sdl2_image.hash diff | blob | history
package/sdl2_image/sdl2_image.mk diff | blob | history