An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability. https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394
Created SDL_image tracking bugs for this issue: Affects: epel-6 [bug 1500451] Affects: epel-7 [bug 1500453] Affects: fedora-all [bug 1500455] Created mingw-SDL_image tracking bugs for this issue: Affects: epel-7 [bug 1500454] Affects: fedora-all [bug 1500452]
Andrej, these 2 CVEs are for 2 different package.
(In reply to Igor Gnatenko from comment #2) > Andrej, these 2 CVEs are for 2 different package. Ah, I missed that the second report mentioned SDL, not SDL_image. Thanks for the heads up, will split the bugzilla now.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.