MGASA-2019-0364

Updated sdl2_image packages fix security vulnerabilities:

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. (CVE-2019-5051)

An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. (CVE-2019-5052)

An exploitable code execution vulnerability exists in the PCX image rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. (CVE-2019-5057)

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. (CVE-2019-5058)

An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. (CVE-2019-5059)

An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. (CVE-2019-5060)

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2image.a in SDL2image 2.0.4. There is a NULL pointer dereference in the SDL stdioread function in file/SDLrwops.c. (CVE-2019-12217)

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2image.a in SDL2image 2.0.4. There is a NULL pointer dereference in the SDL2image function IMGLoadPCXRW at IMGpcx.c. (CVE-2019-12218)

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2image.a in SDL2image 2.0.4. There is an invalid free error in the SDL function SDLSetErrorREAL at SDL_error.c. (CVE-2019-12219)

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2image.a in SDL2image 2.0.4. There is an out-of-bounds read in the SDL function SDLFreePaletteREAL at video/SDL_pixels.c. (CVE-2019-12220)

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2image.a in SDL2image 2.0.4. There is a SEGV in the SDL function SDLfreeREAL at stdlib/SDL_malloc.c. (CVE-2019-12221)

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDLInvalidateMap at video/SDLpixels.c. (CVE-2019-12222)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDLblitN.c when called from SDLSoftBlit in video/SDLblit.c. (CVE-2019-13616)