| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| CVE-2017-2887.patch | # HG changeset patch # User Sam Lantinga <slouken@libsdl.org> # Date 1507329619 25200 # Node ID 318484db0705d07d4d1f4c0a1d3d5ea69f6ba2b0 # Parent 7ad06019831d474380fd5a63e518d21219031519 Fixed security vulnerability in XCF image loader (thanks Yves!) diff -r 7ad06019831d -r 318484db0705 IMG_xcf.c |
no | ||||
| CVE-2017-12122-1.patch | lbm: use correct variable to check color planes. | no | upstream, https://hg.libsdl.org/SDL_image/rev/16772bbb1b09 | |||
| CVE-2017-12122-2.patch | lbm: Fail to load images with unsupported/bogus color depth. | no | upstream, https://hg.libsdl.org/SDL_image/rev/97f7f01e0665 | |||
| CVE-2017-14440.patch | lbm: Don't overflow static colormap buffer. | no | upstream, https://hg.libsdl.org/SDL_image/rev/bfa08dc02b3c | |||
| CVE-2017-14441.patch | ico: reject obviously incorrect image sizes. | no | upstream, https://hg.libsdl.org/SDL_image/rev/a1e9b624ca10 | |||
| CVE-2017-14442.patch | bmp: don't overflow palette buffer with bogus biClrUsed values. | no | upstream, https://hg.libsdl.org/SDL_image/rev/37445f6180a8 | |||
| CVE-2017-14448.patch | xcf: deal with bogus data in rle tile decoding. | no | upstream, https://hg.libsdl.org/SDL_image/rev/7df1580f1695 | |||
| CVE-2017-14450.patch | gif: report error on bogus LWZ data, instead of overflowing a buffer. | no | upstream, https://hg.libsdl.org/SDL_image/rev/45e750f92c84 | |||
| CVE-2018-3837.patch | pcx: don't overflow buffer if bytes-per-line is less than image width. | no | upstream, https://hg.libsdl.org/SDL_image/rev/2938fc80591a | |||
| CVE-2018-3838.patch | xcf: Prevent infinite loop and/or buffer overflow on bogus data. | no | upstream, https://hg.libsdl.org/SDL_image/rev/c5f9cbb5d2bb | |||
| CVE-2018-3839.patch | xcf: check for some potential integer overflows. | no | upstream, https://hg.libsdl.org/SDL_image/rev/fb643e371806 | |||
| CVE-2018-3977.patch | CVE-2018-3977 | Ryan C. Gordon <icculus@icculus.org> | no | upstream, https://hg.libsdl.org/SDL_image/rev/170d7d32e4a8 | 2018-11-04 | |
| CVE-2019-12218.patch | fix heap buffer overflow issue in IMG_pcx.c Issue known as TALOS-2019-0841, CVE-2019-12218. | Sam Lantinga <slouken@libsdl.org> | no | upstream, https://hg.libsdl.org/SDL_image/rev/7453e79c8cdb | ||
| CVE-2019-5052.patch | fix invalid data read on bpl == -1 Issue known as TALOS-2019-0821, or CVE-2019-5052. | Sam Lantinga <slouken@libsdl.org> | no | upstream, https://hg.libsdl.org/SDL_image/rev/b920be2b3fc6 | ||
| IMG_pcx-out-of-bounds.patch | fix multiple OOB issues in IMG_pcx.c This patches addresses following issues: CVE-2019-12222, CVE-2019-12221, CVE-2019-12220, CVE-2019-12219 and CVE-2019-12217. |
Sam Lantinga <slouken@libsdl.org>, Hugo Lefeuvre <hle@debian.org> | no | upstream, https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34 | ||
| CVE-2019-7635.patch | fix Heap-Buffer Overflow in Blit1to4 (IMG_bmp.c) | Sam Lantinga <slouken@libsdl.org> | no | upstream, https://hg.libsdl.org/SDL_image/rev/03bd33e8cb49 | ||
| CVE-2019-5058.patch | Fixed TALOS-2019-0842 - XCF Image Code Execution Vulnerability This patch addresses a bug in a previous security patch for CVE-2018-3977. The initial patch failing to address this issue, the bug was "re-discovered" later and addressed CVE-2019-5058. |
Sam Lantinga <slouken@libsdl.org> | no | upstream, https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10 | ||
| CVE-2019-5059.patch | Backport of upstream fix: # HG changeset patch # User Sam Lantinga <slouken@libsdl.org> # Date 1560235821 25200 # Node ID 95fc7da55247a4368848144b9374a88a6494fd5c # Parent b1a80aec2b1037704b666d716505da6ba968cba9 Fixed TALOS-2019-0843 - XPM image color code code execution vulnerability By providing a sufficiently large ncolors and cpp value, the buffer allocation size can overflow into a size too small to hold the color code string. This causes the memcpy to cause a heap overflow, potentially resulting in code execution. |
no | ||||
| CVE-2019-5060.patch | Backport of upstream fix: # HG changeset patch # User Sam Lantinga <slouken@libsdl.org> # Date 1560237306 25200 # Node ID 26061e601c8157427ca319d943a715174dadce8c # Parent 95fc7da55247a4368848144b9374a88a6494fd5c Fixed TALOS-2019-0844 - XPM image colorhash parsing Code Execution Vulnerability The table entry in the color_hash is created in the create_colorhash function based on the number of colors passed into the function. The size of the color_hash table is the first value in the powers of 2 larger than the passed in number of colors [2]. The size of the allocation is this calculated value * 8 (sizeof(struct hash_entry **)) [3]. This multiplication can cause an overflow, resulting in a very small allocation. |
no | ||||
| CVE-2019-13616.patch | # HG changeset patch # User Ozkan Sezer <sezeroz@gmail.com> # Date 1564511355 -10800 # Node ID a59bfe382008d2a14fa31f33b35a3ca473e9354f # Parent 9ccaa3a0dfb6af18252c238797e53a9a899b0662 Fixed bug 4538 - validate image size when loading BMP files |
no | ||||
| showimage-Add-save-and-quit-options.patch | showimage: Add -save and -quit options This allows showimage to be used as a non-interactive smoke-test to check that the SDL_image library can be linked against successfully. |
Simon McVittie <smcv@collabora.com> | no | 2019-09-23 | ||
| bug809038.patch | Fixed bug Bug 3214 - SDL_image causes "libpng warning: Interlace handling should be turned on when using png_read_image" when loading interlaced images Hans de Goede When starting an app which uses SDL_image to load interlaced png-s with a recent libpng, the following message is printed to the terminal: libpng warning: Interlace handling should be turned on when using png_read_image Once per loaded png. The attached patch fixes this. |
Sam Lantinga <slouken@libsdl.org> | no | backport, 2.0.3, commit:e63624fb63e063be67c788c29a3616ae02c18e99 | 2018-02-07 |