SDL2_Image: Multiple vulnerabilities

SDL2_Image: Multiple vulnerabilities Multiple vulnerabilities have been found in the image loading library for Simple DirectMedia Layer, the worst of which could result in the remote execution of arbitrary code. sdl_image 2019-03-28 2019-03-28 655226 674132 local, remote 2.0.4 2.0.4

SDL_image is an image file library that loads images as SDL surfaces, and supports various formats like BMP, GIF, JPEG, LBM, PCX, PNG, PNM, TGA, TIFF, XCF, XPM, and XV.

Multiple vulnerabilities have been discovered in SDL2_Image. Please review the CVE identifiers referenced below for details.

A remote attacker, by enticing a user to process a specially crafted image file, could execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information.

There is no known workaround at this time.

All SDL2_Image users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=media-libs/sdl2-image-2.0.4"

CVE-2017-12122 CVE-2017-14440 CVE-2017-14441 CVE-2017-14442 CVE-2017-14448 CVE-2017-14449 CVE-2017-14450 CVE-2018-3837 CVE-2018-3838 CVE-2018-3839 CVE-2018-3977 b-man b-man