Package: sdl-image1.2 / 1.2.12-5+deb9u2

Metadata

Package: sdl-image1.2
Version: 1.2.12-5+deb9u2
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
CVE 2017 2887.patch | (download)

IMG_xcf.c | 8 7 + 1 - 0 !
1 file changed, 7 insertions(+), 1 deletion(-)

---
CVE 2017 12122 1.patch | (download)

IMG_lbm.c | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 lbm: use correct variable to check color planes.
CVE 2017 12122 2.patch | (download)

IMG_lbm.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 lbm: fail to load images with unsupported/bogus color depth.
CVE 2017 14440.patch | (download)

IMG_lbm.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 lbm: don't overflow static colormap buffer.
CVE 2017 14441.patch | (download)

IMG_bmp.c | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 ico: reject obviously incorrect image sizes.
CVE 2017 14442.patch | (download)

IMG_bmp.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 bmp: don't overflow palette buffer with bogus biclrused values.
CVE 2017 14448.patch | (download)

IMG_xcf.c | 17 17 + 0 - 0 !
1 file changed, 17 insertions(+)

 xcf: deal with bogus data in rle tile decoding.
CVE 2017 14450.patch | (download)

IMG_gif.c | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 gif: report error on bogus lwz data, instead of overflowing a buffer.
CVE 2018 3837.patch | (download)

IMG_pcx.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 pcx: don't overflow buffer if bytes-per-line is less than image width.
CVE 2018 3838.patch | (download)

IMG_xcf.c | 14 14 + 0 - 0 !
1 file changed, 14 insertions(+)

 xcf: prevent infinite loop and/or buffer overflow on bogus data.
CVE 2018 3839.patch | (download)

IMG_xcf.c | 12 12 + 0 - 0 !
1 file changed, 12 insertions(+)

 xcf: check for some potential integer overflows.
CVE 2019 12218.patch | (download)

IMG_pcx.c | 30 20 + 10 - 0 !
1 file changed, 20 insertions(+), 10 deletions(-)

 fix heap buffer overflow issue in img_pcx.c
 Issue known as TALOS-2019-0841, CVE-2019-12218.
CVE 2019 5052.patch | (download)

IMG_pcx.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix invalid data read on bpl == -1
 Issue known as TALOS-2019-0821, or CVE-2019-5052.
IMG_pcx out of bounds.patch | (download)

IMG_pcx.c | 23 14 + 9 - 0 !
1 file changed, 14 insertions(+), 9 deletions(-)

 fix multiple oob issues in img_pcx.c
 This patch addresses the following issues: CVE-2019-12222, CVE-2019-12221,
 CVE-2019-12220, CVE-2019-12219 and CVE-2019-12217.
CVE 2018 3977.patch | (download)

IMG_xcf.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 fix potential buffer overflow on corrupt or maliciously-crafted xcf file.
 This patch bundles two fixes, the original one for CVE-2018-3977
 (TALOS-2018-0645) which is actually broken, and the followup patch
 (TALOS-2019-0842).
CVE 2019 7635.patch | (download)

IMG_bmp.c | 32 31 + 1 - 0 !
1 file changed, 31 insertions(+), 1 deletion(-)

 fix heap-buffer overflow in blit1to4 (img_bmp.c)