Bug 1084297 - (CVE-2017-14449) VUL-1: CVE-2017-14449: SDL2_image: double-Free in the XCF image rendering
(CVE-2017-14449)
VUL-1: CVE-2017-14449: SDL2_image: double-Free in the XCF image rendering
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 42.3
Other Other
: P4 - Low : Minor (vote)
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/201300/
CVSSv2:NVD:CVE-2017-14449:6.8:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-03-07 11:56 UTC by Johannes Segitz
Modified: 2018-11-21 10:48 UTC (History)
0 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2018-03-07 11:56:00 UTC
A flaw was found in Simple DirectMedia Layer. A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability.

openSUSE only

References:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498
https://bugzilla.redhat.com/show_bug.cgi?id=1552181
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14449
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14449.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14449
Comment 1 Swamp Workflow Management 2018-03-09 09:30:37 UTC
This is an autogenerated message for OBS integration:
This bug (1084297) was mentioned in
https://build.opensuse.org/request/show/584627 42.3 / SDL2_image
Comment 2 Swamp Workflow Management 2018-03-09 15:40:40 UTC
This is an autogenerated message for OBS integration:
This bug (1084297) was mentioned in
https://build.opensuse.org/request/show/585027 42.3 / SDL2+SDL2_image
Comment 3 Swamp Workflow Management 2018-03-18 14:10:05 UTC
openSUSE-SU-2018:0734-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1025413,1084256,1084257,1084282,1084288,1084297,1084303,1084304
CVE References: CVE-2017-12122,CVE-2017-14440,CVE-2017-14441,CVE-2017-14442,CVE-2017-14448,CVE-2017-14449,CVE-2017-14450
Sources used:
openSUSE Leap 42.3 (src):    SDL2-2.0.8-18.1, SDL2_image-2.0.3-13.10.1
Comment 4 Jan Engelhardt 2018-03-26 12:09:31 UTC
swamp says it's out