CVE-2019-5052

Priority
Description
An exploitable integer overflow vulnerability exists when loading a PCX
file in SDL2_image 2.0.4. A specially crafted file can cause an integer
overflow, resulting in too little memory being allocated, which can lead to
a buffer overflow and potential code execution. An attacker can provide a
specially crafted image file to trigger this vulnerability.
Notes
Package
Upstream:released (2.0.5+dfsg1-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan Ermine):not-affected (2.0.5+dfsg1-1)
Ubuntu 20.04 (Focal Fossa):not-affected (2.0.5+dfsg1-1)
Patches:
Upstream:https://hg.libsdl.org/SDL_image/rev/b920be2b3fc6
Package
Upstream:released (1.2.12-11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):released (1.2.12-5+deb9u1ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.2.12-8ubuntu0.1)
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan Ermine):not-affected (1.2.12-11)
Ubuntu 20.04 (Focal Fossa):not-affected (1.2.12-11)
More Information

Updated: 2020-01-16 13:14:27 UTC (commit 9a1f88aaaba7ae6c9dd2872226390ee1f32b7826)