Debian Security Advisory DSA 1493-1 (sdl-image1.2)

Published: 2008-02-15 22:29:21
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Recommendations:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201493-1

Technical Details:
Several local/remote vulnerabilities have been discovered in the image loading library for the Simple DirectMedia Layer 1.2. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-6697
Gynvael Coldwind discovered a buffer overflow in GIF image parsing, which could result in denial of service and potentially the execution of arbitrary code.

CVE-2008-0544
It was discovered that a buffer overflow in IFF ILBM image parsing could result in denial of service and potentially the execution of arbitrary code.

For the stable distribution (etch), these problems have been fixed in version 1.2.5-2etch1.

For the old stable distribution (sarge), these problems have been fixed in version 1.2.4-1etch1. Due to a copy & paste error, etch1 was appended to the version number instead of sarge1. Since the update is otherwise technically correct, it was not rebuilt on the buildd network.

We recommend that you upgrade your sdl-image1.2 packages.

Summary:
The remote host is missing an update to sdl-image1.2 announced via advisory DSA 1493-1.

Detection Type:
Linux Distribution Package

Solution Type:
Vendor Patch

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2007-6697
https://nvd.nist.gov/vuln/detail/CVE-2008-0554
https://nvd.nist.gov/vuln/detail/CVE-2008-0544

Severity:
High

CVSS Score:
10.0