Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian LTS Advisory ([SECURITY] [DLA 1865-1] sdl-image1.2 security update)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the 'sdl-image1.2' package(s) announced via the DSA-1865-1 advisory.
Insight
Insight
The following issues have been found in sdl-image1.2, the 1.x version of the image file loading library. CVE-2018-3977 Heap buffer overflow in IMG_xcf.c. This vulnerability might be leveraged by remote attackers to cause remote code execution or denial of service via a crafted XCF file. CVE-2019-5051 Heap based buffer overflow in IMG_LoadPCX_RW, in IMG_pcx.c. This vulnerability might be leveraged by remote attackers to cause remote code execution or denial of service via a crafted PCX file. CVE-2019-5052 Integer overflow and subsequent buffer overflow in IMG_pcx.c. This vulnerability might be leveraged by remote attackers to cause remote code execution or denial of service via a crafted PCX file. CVE-2019-7635 Heap buffer overflow affecting Blit1to4, in IMG_bmp.c. This vulnerability might be leveraged by remote attackers to cause denial of service or any other unspecified impact via a crafted BMP file. CVE-2019-12216, CVE-2019-12217, CVE-2019-12218, CVE-2019-12219, CVE-2019-12220, CVE-2019-12221, CVE-2019-12222 Multiple out-of-bound read and write accesses affecting IMG_LoadPCX_RW, in IMG_pcx.c. These vulnerabilities might be leveraged by remote attackers to cause denial of service or any other unspecified impact via a crafted PCX file.
Affected Software
Affected Software
'sdl-image1.2' package(s) on Debian Linux.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
For Debian 8 'Jessie', these problems have been fixed in version 1.2.12-5+deb8u2. We recommend that you upgrade your sdl-image1.2 packages.