Candidate: CVE-2018-3837
PublicDate: 2018-04-10 21:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3837
 https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0519
Description:
 An exploitable information disclosure vulnerability exists in the PCX image
 rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A
 specially crafted PCX image can cause an out-of-bounds read on the heap,
 resulting in information disclosure . An attacker can display a specially
 crafted image to trigger this vulnerability.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N [5.5 MEDIUM]


Patches_libsdl2-image:
 upstream: https://hg.libsdl.org/SDL_image/rev/2938fc80591abeae74b971cbdf966eff3213297e
upstream_libsdl2-image: released (2.0.3+dfsg1-1)
precise/esm_libsdl2-image: DNE
trusty_libsdl2-image: released (2.0.0+dfsg-3+deb8u1build0.14.04.1)
trusty/esm_libsdl2-image: DNE (trusty was released [2.0.0+dfsg-3+deb8u1build0.14.04.1])
xenial_libsdl2-image: released (2.0.1+dfsg-2+deb9u1build0.16.04.1)
artful_libsdl2-image: ignored (reached end-of-life)
bionic_libsdl2-image: not-affected (2.0.3+dfsg1-1)
devel_libsdl2-image: not-affected (2.0.3+dfsg1-1)

Patches_sdl-image1.2:
upstream_sdl-image1.2: released (1.2.12-8)
precise/esm_sdl-image1.2: DNE
trusty_sdl-image1.2: released (1.2.12-5+deb9u1build0.14.04.1)
trusty/esm_sdl-image1.2: released (1.2.12-5+deb9u1build0.14.04.1)
xenial_sdl-image1.2: released (1.2.12-5+deb9u1build0.16.04.1)
artful_sdl-image1.2: ignored (reached end-of-life)
bionic_sdl-image1.2: not-affected (1.2.12-8)
devel_sdl-image1.2: not-affected (1.2.12-8)