SA28640
SDL_image 1.x
Description:
Two vulnerabilities have been reported in SDL_image, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
1) A boundary error within the "LWZReadByte()" function in IMG_gif.c can be exploited to trigger the overflow of a static buffer via a specially crafted GIF file.
2) A boundary error within the "IMG_LoadLBM_RW()" function in IMG_lbm.c can be exploited to cause a heap-based buffer overflow via a specially crafted IFF ILBM file.
The vulnerabilities are reported in version 1.2.6. Prior versions may also be affected.
Solution:
Fixed in SVN repository.
http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_gif.c?r1=2970&r2=3462
http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_lbm.c?r1=3341&r2=3521
Provided and/or discovered by:
1) The vendor credits Michael Skladnikiewicz. Also reported by Gynvael Coldwind, Team Vexillium.
2) The vendor credits David Raulo.
Original Advisory:
1) http://www.libsdl.org/cgi/viewvc.cgi/...HANGES?revision=3462&view=markup
http://vexillium.org/?sec-sdlgif
2) http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_lbm.c?r1=3341&r2=3521
Please see the following patches, which should apply fine:
http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_gif.c?r1=2970&r2=3462
http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_lbm.c?r1=3341&r2=3521
Rev bumped, added the patches, forced all previously stable archs stable and removed the older, vulnerable ebuilds from portage. Carry on.
Thanks a lot Mr. Bones. for your reactivity :) GLSA request^H^H^H^H^H^H^H^H draft filled
Could someone please add "CVE-2007-6697" to the list? (I don't have the needed permissions.)
GLSA 200802-01