CVE-2019-5051

Priority
Description
An exploitable heap-based buffer overflow vulnerability exists when loading
a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead
to a buffer overflow and potential code execution. An attacker can provide
a specially crafted image file to trigger this vulnerability.
Notes
Package
Upstream:released (2.0.5+dfsg1-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan Ermine):not-affected (2.0.5+dfsg1-1)
Ubuntu 20.04 (Focal Fossa):not-affected (2.0.5+dfsg1-1)
Package
Upstream:released (1.2.12-11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):released (1.2.12-5+deb9u1ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.2.12-8ubuntu0.1)
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan Ermine):not-affected (1.2.12-11)
Ubuntu 20.04 (Focal Fossa):not-affected (1.2.12-11)
More Information

Updated: 2020-01-16 13:14:27 UTC (commit 9a1f88aaaba7ae6c9dd2872226390ee1f32b7826)