PublicDateAtUSN: 2019-07-03 19:15:00 UTC Candidate: CVE-2019-5051 PublicDate: 2019-07-03 19:15:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5051 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820 https://ubuntu.com/security/notices/USN-4238-1 Description: An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. Ubuntu-Description: USN-4238-1 addressed serveral vulnerabilities in SDL_image. This update provides the corresponding fixes for Ubuntu 14.04 ESM. Notes: Bugs: Priority: medium Discovered-by: Assigned-to: CVSS: nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH] Patches_libsdl2-image: upstream_libsdl2-image: released (2.0.5+dfsg1-1) precise/esm_libsdl2-image: DNE trusty_libsdl2-image: ignored (out of standard support) trusty/esm_libsdl2-image: DNE xenial_libsdl2-image: ignored (end of standard support, was needed) bionic_libsdl2-image: needed cosmic_libsdl2-image: ignored (reached end-of-life) disco_libsdl2-image: ignored (reached end-of-life) eoan_libsdl2-image: not-affected (2.0.5+dfsg1-1) focal_libsdl2-image: not-affected (2.0.5+dfsg1-1) groovy_libsdl2-image: not-affected (2.0.5+dfsg1-1) hirsute_libsdl2-image: not-affected (2.0.5+dfsg1-1) impish_libsdl2-image: not-affected (2.0.5+dfsg1-1) jammy_libsdl2-image: not-affected (2.0.5+dfsg1-1) devel_libsdl2-image: not-affected (2.0.5+dfsg1-1) Patches_sdl-image1.2: upstream_sdl-image1.2: released (1.2.12-11) precise/esm_sdl-image1.2: DNE trusty_sdl-image1.2: ignored (out of standard support) trusty/esm_sdl-image1.2: needed xenial_sdl-image1.2: released (1.2.12-5+deb9u1ubuntu0.16.04.1) bionic_sdl-image1.2: released (1.2.12-8ubuntu0.1) cosmic_sdl-image1.2: ignored (reached end-of-life) disco_sdl-image1.2: ignored (reached end-of-life) eoan_sdl-image1.2: not-affected (1.2.12-11) focal_sdl-image1.2: not-affected (1.2.12-11) groovy_sdl-image1.2: not-affected (1.2.12-11) hirsute_sdl-image1.2: not-affected (1.2.12-11) impish_sdl-image1.2: not-affected (1.2.12-11) jammy_sdl-image1.2: not-affected (1.2.12-11) devel_sdl-image1.2: not-affected (1.2.12-11)