CVE-2017-14441 (retired)

Priority
Description
An exploitable code execution vulnerability exists in the ICO image
rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image
can cause an integer overflow, cascading to a heap overflow resulting in
code execution. An attacker can display a specially crafted image to
trigger this vulnerability.
Notes
Package
Upstream: released (2.0.3+dfsg1-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (2.0.1+dfsg-2+deb9u1build0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (2.0.3+dfsg1-1)
Package
Upstream: released (1.2.12-8)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (1.2.12-5+deb9u1build0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (1.2.12-8)
More Information

Updated: 2019-10-09 07:59:14 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)