Candidate: CVE-2017-2887
PublicDate: 2017-10-11 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2887
 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394
 https://hg.libsdl.org/SDL_image/rev/318484db0705
Description:
 An exploitable buffer overflow vulnerability exists in the XCF property
 handling functionality of SDL_image 2.0.1. A specially crafted xcf file can
 cause a stack-based buffer overflow resulting in potential code execution.
 An attacker can provide a specially crafted XCF file to trigger this
 vulnerability.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878266
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878267
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_libsdl2-image:
upstream_libsdl2-image: released (2.0.1+dfsg-4)
precise/esm_libsdl2-image: DNE
trusty_libsdl2-image: released (2.0.0+dfsg-3+deb8u1build0.14.04.1)
trusty/esm_libsdl2-image: DNE (trusty was released [2.0.0+dfsg-3+deb8u1build0.14.04.1])
vivid/ubuntu-core_libsdl2-image: DNE
xenial_libsdl2-image: released (2.0.1+dfsg-2+deb9u1build0.16.04.1)
zesty_libsdl2-image: ignored (reached end-of-life)
artful_libsdl2-image: ignored (reached end-of-life)
bionic_libsdl2-image: not-affected (2.0.1+dfsg-4)
devel_libsdl2-image: not-affected (2.0.1+dfsg-4)

Patches_sdl-image1.2:
upstream_sdl-image1.2: released (1.2.12-7)
precise/esm_sdl-image1.2: DNE
trusty_sdl-image1.2: released (1.2.12-5+deb9u1build0.14.04.1)
trusty/esm_sdl-image1.2: released (1.2.12-5+deb9u1build0.14.04.1)
vivid/ubuntu-core_sdl-image1.2: DNE
xenial_sdl-image1.2: released (1.2.12-5+deb9u1build0.16.04.1)
zesty_sdl-image1.2: ignored (reached end-of-life)
artful_sdl-image1.2: ignored (reached end-of-life)
bionic_sdl-image1.2: not-affected (1.2.12-7)
devel_sdl-image1.2: not-affected (1.2.12-7)