CVE-2018-3977

Priority
Description
An exploitable code execution vulnerability exists in the XCF image
rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image
can cause a heap overflow, resulting in code execution. An attacker can
display a specially crafted image to trigger this vulnerability.
Notes
Package
Upstream:released (2.0.3+dfsg1-3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.0.4+dfsg1-2ubuntu2.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.0.4+dfsg1-2ubuntu2.16.04.1)
Ubuntu 19.04 (Disco Dingo):not-affected (2.0.4+dfsg1-2ubuntu2.16.04.1)
Ubuntu 19.10 (Eoan Ermine):not-affected (2.0.4+dfsg1-2ubuntu2.16.04.1)
Ubuntu 20.04 (Focal Fossa):not-affected (2.0.4+dfsg1-2ubuntu2.16.04.1)
Package
Upstream:released (1.2.12-10)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):released (1.2.12-5+deb9u1ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.2.12-8ubuntu0.1)
Ubuntu 19.04 (Disco Dingo):not-affected (1.2.12-10)
Ubuntu 19.10 (Eoan Ermine):not-affected (1.2.12-10)
Ubuntu 20.04 (Focal Fossa):not-affected (1.2.12-10)
More Information

Updated: 2020-01-16 13:14:24 UTC (commit 9a1f88aaaba7ae6c9dd2872226390ee1f32b7826)