Bugzilla – Bug 1143763
VUL-0: CVE-2019-5057: SDL2_image: code execution vulnerability in the PCX image-rendering functionality of SDL2_image
Last modified: 2020-01-16 13:50:43 UTC
CVE-2019-5057 An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-5057 http://www.cvedetails.com/cve/CVE-2019-5057/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5057 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0841
This is an autogenerated message for OBS integration: This bug (1143763) was mentioned in https://build.opensuse.org/request/show/725541 15.0 / SDL2_image https://build.opensuse.org/request/show/725542 15.1 / SDL2_image
This is an autogenerated message for OBS integration: This bug (1143763) was mentioned in https://build.opensuse.org/request/show/725587 15.0 / SDL_image https://build.opensuse.org/request/show/725588 15.1 / SDL_image
This is an autogenerated message for OBS integration: This bug (1143763) was mentioned in https://build.opensuse.org/request/show/725636 Factory / SDL2_image https://build.opensuse.org/request/show/725637 15.0 / SDL2_image https://build.opensuse.org/request/show/725638 15.1 / SDL2_image
openSUSE-SU-2019:2070-1: An update that fixes 12 vulnerabilities is now available. Category: security (moderate) Bug References: 1135787,1135789,1135796,1135806,1136101,1140419,1140421,1141844,1143763,1143764,1143766,1143768 CVE References: CVE-2019-12217,CVE-2019-12218,CVE-2019-12220,CVE-2019-12221,CVE-2019-12222,CVE-2019-13616,CVE-2019-5051,CVE-2019-5052,CVE-2019-5057,CVE-2019-5058,CVE-2019-5059,CVE-2019-5060 Sources used: openSUSE Leap 15.1 (src): SDL2_image-2.0.5-lp151.2.5.1 openSUSE Leap 15.0 (src): SDL2_image-2.0.5-lp150.9.1
openSUSE-SU-2019:2071-1: An update that fixes 7 vulnerabilities is now available. Category: security (moderate) Bug References: 1124827,1140421,1141844,1143763,1143764,1143766,1143768 CVE References: CVE-2019-13616,CVE-2019-5052,CVE-2019-5057,CVE-2019-5058,CVE-2019-5059,CVE-2019-5060,CVE-2019-7635 Sources used: openSUSE Leap 15.1 (src): SDL_image-1.2.12+hg695-lp151.3.3.1 openSUSE Leap 15.0 (src): SDL_image-1.2.12+hg695-lp150.2.3.1
openSUSE-SU-2019:2108-1: An update that fixes 12 vulnerabilities is now available. Category: security (moderate) Bug References: 1135787,1135789,1135796,1135806,1136101,1140419,1140421,1141844,1143763,1143764,1143766,1143768 CVE References: CVE-2019-12217,CVE-2019-12218,CVE-2019-12220,CVE-2019-12221,CVE-2019-12222,CVE-2019-13616,CVE-2019-5051,CVE-2019-5052,CVE-2019-5057,CVE-2019-5058,CVE-2019-5059,CVE-2019-5060 Sources used: openSUSE Backports SLE-15-SP1 (src): SDL2_image-2.0.5-bp151.4.3.1 openSUSE Backports SLE-15 (src): SDL2_image-2.0.5-bp150.3.6.1
openSUSE-SU-2019:2109-1: An update that fixes 7 vulnerabilities is now available. Category: security (moderate) Bug References: 1124827,1140421,1141844,1143763,1143764,1143766,1143768 CVE References: CVE-2019-13616,CVE-2019-5052,CVE-2019-5057,CVE-2019-5058,CVE-2019-5059,CVE-2019-5060,CVE-2019-7635 Sources used: openSUSE Backports SLE-15-SP1 (src): SDL_image-1.2.12+hg695-bp151.4.3.1 openSUSE Backports SLE-15 (src): SDL_image-1.2.12+hg695-bp150.3.3.1
all done. Closing