Red Hat Bugzilla – Bug 430100
CVE-2007-6697 SDL_image: GIF handling buffer overflow
Last modified: 2008-04-24 07:15:16 EDT
Input validation flaw was discovered in the SDL_image image handling library.
Value read from the Gif file is not properly validated against the buffer size
and can cause a buffer overflow.
More details about this issue can be found here:
Advisory states new upstream version 1.2.7 should be released soon addressing
Relevant upstream SVN commit seems to be:
Created attachment 292800 [details]
Reproducer from the advisory
This seems to be the same issue as CVE-2006-4484 (reported for gd embedded in
php sources back in 2006):
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the
GD extension in PHP before 5.1.5 allows remote attackers to have an unknown
impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which
triggers an overflow when initializing the table array.
GD/PHP CVS commit:
Seems to be included in upstream gd as of version 2.0.34.
Hey Tomas, should this bug still be filed against SDL_image, or should I open a
new bug against it?
Brian, our process is to file security bugs against 'Security Response' product
and make "tracking bugs" for affected product versions (current versions of
Fedora, Red Hat Enterprise Linux, Red Hat layered products). Technically, you
do not need Fedora bugs against SDL_image component in any specific Fedora
version, but we usually create them to make tracking of the issue easier.
SDL_image-1.2.5-7.fc7 has been submitted as an update for Fedora 7
There are other apps / projects affected by this problem too, as this GIF
handling code that seem to have been originally written by David Koblas is used
in more or less modified form in many projects:
Already listed above:
SDL_image - to be fixed in 1.2.7
gd - fixed in 2.0.34
Other identified affected projects:
netpbm (giftopnm converter) - fixed in 10.27
tk - to be fixed in upcoming 8.5.1
Other affected projects identified by Raphaël Marichez of Gentoo:
sourcenav (http://sourcenav.sourceforge.net) (verified in v 5.1.4)
insight (http://sourceware.org/insight/) (verified in v 6.5)
TK Perl Module (http://search.cpan.org/~ni-s/) (verified in v 804.027)
perl-Tk is also shipped in Fedora.
SDL_image-1.2.5-7.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Mitre has assigned CVE id CVE-2007-6697 to this issue as affecting SDL_image.
Public now for other affected projects. Opening comment #9.
This issue was addressed in: