MGASA-2017-0398

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0398.html

Import Source

https://advisories.mageia.org/MGASA-2017-0398.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2017-0398

Related

CVE-2017-2888

Published

2017-11-02T21:47:07Z

Modified

2017-11-02T21:09:52Z

Summary

Updated sdl2 packages fix security vulnerability

Details

Yves Younan of Cisco Talos discovered an exploitable integer overflow vulnerability when creating a new RGB Surface in SDL 2.0.x before version 2.0.7. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability (CVE-2017-2888).

References

https://advisories.mageia.org/MGASA-2017-0398.html
https://bugs.mageia.org/show_bug.cgi?id=21882
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395
http://hg.libsdl.org/SDL/rev/7e0f1498ddb5
http://hg.libsdl.org/SDL/rev/81a4950907a0

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2017-0398

Affected packages