An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted XCF file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.
Created SDL_image tracking bugs for this issue:
Affects: epel-6 [bug 1500451]
Affects: epel-7 [bug 1500453]
Affects: fedora-all [bug 1500455]
Created mingw-SDL_image tracking bugs for this issue:
Affects: epel-7 [bug 1500454]
Affects: fedora-all [bug 1500452]
Andrej, these 2 CVEs are for 2 different packages.
(In reply to Igor Gnatenko from comment #2)
> Andrej, these 2 CVEs are for 2 different packages.
Ah, I missed that the second report mentioned SDL, not SDL_image. Thanks for the heads up, will split the bugzilla now.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.