Candidate: CVE-2017-14448
PublicDate: 2018-04-24 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14448
 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497
 https://hg.libsdl.org/SDL_image/rev/7df1580f1695
Description:
 An exploitable code execution vulnerability exists in the XCF image
 rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image
 can cause a heap overflow resulting in code execution. An attacker can
 display a specially crafted image to trigger this vulnerability.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_libsdl2-image:
upstream_libsdl2-image: released (2.0.3+dfsg1-1)
precise/esm_libsdl2-image: DNE
trusty_libsdl2-image: released (2.0.0+dfsg-3+deb8u1build0.14.04.1)
trusty/esm_libsdl2-image: DNE (trusty was released [2.0.0+dfsg-3+deb8u1build0.14.04.1])
xenial_libsdl2-image: released (2.0.1+dfsg-2+deb9u1build0.16.04.1)
artful_libsdl2-image: ignored (reached end-of-life)
bionic_libsdl2-image: not-affected (2.0.3+dfsg1-1)
devel_libsdl2-image: not-affected (2.0.3+dfsg1-1)

Patches_sdl-image1.2:
upstream_sdl-image1.2: released (1.2.12-8)
precise/esm_sdl-image1.2: DNE
trusty_sdl-image1.2: released (1.2.12-5+deb9u1build0.14.04.1)
trusty/esm_sdl-image1.2: released (1.2.12-5+deb9u1build0.14.04.1)
xenial_sdl-image1.2: released (1.2.12-5+deb9u1build0.16.04.1)
artful_sdl-image1.2: ignored (reached end-of-life)
bionic_sdl-image1.2: not-affected (1.2.12-8)
devel_sdl-image1.2: not-affected (1.2.12-8)