Bug 1089087 - (CVE-2018-3839) VUL-0: CVE-2018-3839: SDL_image,SDL2_image: An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the ...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
URL: https://smash.suse.de/issue/203583/
Whiteboard: CVSSv3:SUSE:CVE-2018-3839:5.8:(AV:L/A...
Reported: 2018-04-11 12:02 UTC by Marcus Meissner
Modified: 2020-04-28 15:02 UTC (History)
Found By: Security Response Team
Description Marcus Meissner 2018-04-11 12:02:38 UTC
CVE-2018-3839

An exploitable code execution vulnerability exists in the XCF image rendering
functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted
XCF image can cause an out-of-bounds write on the heap, resulting in code
execution. An attacker can display a specially crafted image to trigger this
vulnerability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3839
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0521
Comment 4 Swamp Workflow Management 2018-11-07 20:11:31 UTC
SUSE-SU-2018:3657-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1084256,1084257,1084288,1084303,1084304,1089087
CVE References: CVE-2017-12122,CVE-2017-14440,CVE-2017-14442,CVE-2017-14448,CVE-2017-14450,CVE-2018-3839
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    SDL_image-1.2.6-84.42.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    SDL_image-1.2.6-84.42.1
Comment 5 Swamp Workflow Management 2018-11-09 09:20:20 UTC
This is an autogenerated message for OBS integration:
This bug (1089087) was mentioned in
https://build.opensuse.org/request/show/647528 42.3 / SDL2_image
https://build.opensuse.org/request/show/647529 15.0 / SDL2_image
Comment 6 Swamp Workflow Management 2018-11-20 20:27:59 UTC
openSUSE-SU-2018:3828-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1089087,1114519
CVE References: CVE-2018-3839,CVE-2018-3977
Sources used:
openSUSE Leap 42.3 (src):    SDL2_image-2.0.4-13.13.1
Comment 7 Swamp Workflow Management 2018-11-24 17:14:44 UTC
openSUSE-SU-2018:3896-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1089087,1114519
CVE References: CVE-2018-3839,CVE-2018-3977
Sources used:
openSUSE Leap 15.0 (src):    SDL2_image-2.0.4-lp150.2.3.1
Comment 8 Swamp Workflow Management 2018-11-24 23:08:42 UTC
openSUSE-SU-2018:3906-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1089087,1114519
CVE References: CVE-2018-3839,CVE-2018-3977
Sources used:
openSUSE Backports SLE-15 (src):    SDL2_image-2.0.4-bp150.3.3.1
Comment 9 Alexandros Toptsoglou 2020-04-28 15:02:12 UTC
Done