207933 CVE-2007-6697 2008-01-28 17:10 0000 media-libs/sdl-image-1.2.6: two Buffer overflows LWZReadByte() and IMG_LoadLBM_RW() (CVE-2007-6697, CVE-2008-0544) 2009-08-11 12:01:03 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://secunia.com/advisories/28640/ B2 [glsa] Falco P2 normal --- 1 falco@gentoo.org security@gentoo.org games@gentoo.org falco@gentoo.org 2008-01-28 17:10:50 0000 SA28640 SDL_image 1.x Description: Two vulnerabilities have been reported in SDL_image, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. 1) A boundary error within the "LWZReadByte()" function in IMG_gif.c can be exploited to trigger the overflow of a static buffer via a specially crafted GIF file. 2) A boundary error within the "IMG_LoadLBM_RW()" function in IMG_lbm.c can be exploited to cause a heap-based buffer overflow via a specially crafted IFF ILBM file. The vulnerabilities are reported in version 1.2.6. Prior versions may also be affected. Solution: Fixed in SVN repository. http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_gif.c?r1=2970&r2=3462 http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_lbm.c?r1=3341&r2=3521 Provided and/or discovered by: 1) The vendor credits Michael Skladnikiewicz. Also reported by Gynvael Coldwind, Team Vexillium. 2) The vendor credits David Raulo. Original Advisory: 1) http://www.libsdl.org/cgi/viewvc.cgi/...HANGES?revision=3462&view=markup http://vexillium.org/?sec-sdlgif 2) http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_lbm.c?r1=3341&r2=3521 falco@gentoo.org 2008-01-28 17:11:51 0000 please see following patches which should apply fine http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_gif.c?r1=2970&r2=3462 http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_lbm.c?r1=3341&r2=3521 mr_bones_@gentoo.org 2008-01-29 08:55:55 0000 Rev bumped, added the patches, forced all previously stable archs stable and removed the older, vulnerable ebuilds from portage. Carry on. falco@gentoo.org 2008-01-29 09:35:31 0000 Thanks a lot Mr. Bones. for your reactivity :) GLSA request^H^H^H^H^H^H^H^H draft filled lars@chaotika.org 2008-02-05 14:05:40 0000 could someone please add "CVE-2007-6697" to the list? (i dont have the needed permissions) py@gentoo.org 2008-02-06 22:19:31 0000 GLSA 200802-01