Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!

Full Text Bug Listing

SA28640

        SDL_image 1.x




Description:
Two vulnerabilities have been reported in SDL_image, which can be exploited by
malicious people to cause a DoS (Denial of Service) or potentially compromise
an application using the library.

1) A boundary error within the "LWZReadByte()" function in IMG_gif.c can be
exploited to trigger the overflow of a static buffer via a specially crafted
GIF file.

2) A boundary error within the "IMG_LoadLBM_RW()" function in IMG_lbm.c can be
exploited to cause a heap-based buffer overflow via a specially crafted IFF
ILBM file.

The vulnerabilities are reported in version 1.2.6. Prior versions may also be
affected.

Solution:
Fixed in SVN repository.
http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_gif.c?r1=2970&r2=3462
http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_lbm.c?r1=3341&r2=3521

Provided and/or discovered by:
1) The vendor credits Michael Skladnikiewicz. Also reported by Gynvael
Coldwind, Team Vexillium.
2) The vendor credits David Raulo.

Original Advisory:
1) http://www.libsdl.org/cgi/viewvc.cgi/...HANGES?revision=3462&view=markup
http://vexillium.org/?sec-sdlgif
2) http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_lbm.c?r1=3341&r2=3521

please see following patches which should apply fine
http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_gif.c?r1=2970&r2=3462
http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_lbm.c?r1=3341&r2=3521

Rev bumped, added the patches, forced all previously stable archs stable and
removed the older, vulnerable ebuilds from portage.

Carry on.

Thanks a lot Mr. Bones. for your reactivity :)


GLSA request^H^H^H^H^H^H^H^H draft filled

could someone please add "CVE-2007-6697" to the list? (i dont have the needed
permissions)

GLSA 200802-01