Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 207933 (CVE-2007-6697)

Summary: media-libs/sdl-image-1.2.6: two Buffer overflows LWZReadByte() and IMG_LoadLBM_RW() (CVE-2007-6697, CVE-2008-0544)
Product: Gentoo Security Reporter: Raphael Marichez (Falco) (RETIRED) <falco>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: games
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/28640/
Whiteboard: B2 [glsa] Falco
Package list:
Runtime testing required: ---

Description Raphael Marichez (Falco) (RETIRED) gentoo-dev 2008-01-28 17:10:50 UTC 
SA28640

	SDL_image 1.x

	


Description:
Two vulnerabilities have been reported in SDL_image, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

1) A boundary error within the "LWZReadByte()" function in IMG_gif.c can be exploited to trigger the overflow of a static buffer via a specially crafted GIF file.

2) A boundary error within the "IMG_LoadLBM_RW()" function in IMG_lbm.c can be exploited to cause a heap-based buffer overflow via a specially crafted IFF ILBM file.

The vulnerabilities are reported in version 1.2.6. Prior versions may also be affected.

Solution:
Fixed in SVN repository.
http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_gif.c?r1=2970&r2=3462
http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_lbm.c?r1=3341&r2=3521

Provided and/or discovered by:
1) The vendor credits Michael Skladnikiewicz. Also reported by Gynvael Coldwind, Team Vexillium.
2) The vendor credits David Raulo.

Original Advisory:
1) http://www.libsdl.org/cgi/viewvc.cgi/...HANGES?revision=3462&view=markup
http://vexillium.org/?sec-sdlgif
2) http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_lbm.c?r1=3341&r2=3521
Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2008-01-28 17:11:51 UTC 
please see following patches which should apply fine
http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_gif.c?r1=2970&r2=3462
http://www.libsdl.org/cgi/viewvc.cgi/...L_image/IMG_lbm.c?r1=3341&r2=3521
Comment 2 Mr. Bones. (RETIRED) gentoo-dev 2008-01-29 08:55:55 UTC 
Rev bumped, added the patches, forced all previously stable archs stable and removed the older, vulnerable ebuilds from portage.

Carry on.
Comment 3 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2008-01-29 09:35:31 UTC 
Thanks a lot Mr. Bones. for your reactivity :)


GLSA request^H^H^H^H^H^H^H^H draft filled
Comment 4 Lars Hartmann 2008-02-05 14:05:40 UTC 
could someone please add "CVE-2007-6697" to the list? (i dont have the needed permissions)
Comment 5 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-06 22:19:31 UTC 
GLSA 200802-01