Debian Patches

Status for sdl-image1.2/1.2.12-14

Patch Description Author Forwarded Bugs Origin Last update
CVE-2017-2887.patch Fixed security vulnerability in XCF image loader (thanks Yves!)
Originally hg commit 318484db0705d07d4d1f4c0a1d3d5ea69f6ba2b0.
Sam Lantinga <slouken@libsdl.org> yes upstream backport, 2.0.2, commit:https://github.com/libsdl-org/SDL_image/commit/e7723676825cd2b2ffef3316ec1879d7726618f2 2017-10-06
CVE-2017-12122-1.patch lbm: use correct variable to check color planes. "Ryan C. Gordon" <icculus@icculus.org> yes upstream upstream, 2.0.3, commit:16772bbb1b09, commit:https://github.com/libsdl-org/SDL_image/commit/571c0d7c62daeebeae30fb03f5712385bd3a95f0 2018-01-24
CVE-2017-12122-2.patch lbm: Fail to load images with unsupported/bogus color depth. "Ryan C. Gordon" <icculus@icculus.org> no upstream, 2.0.3, commit:97f7f01e0665, commit:https://github.com/libsdl-org/SDL_image/commit/b48777d41c742227dd1c64fa1021fca55f53b9f3 2018-01-24
CVE-2017-14440.patch lbm: Don't overflow static colormap buffer. "Ryan C. Gordon" <icculus@icculus.org> yes upstream upstream, 2.0.3, commit:bfa08dc02b3c, commit:https://github.com/libsdl-org/SDL_image/commit/1559b5ce67e25c8de65f0d4af020c1ec50cb7b85 2018-01-24
CVE-2017-14441.patch ico: reject obviously incorrect image sizes. "Ryan C. Gordon" <icculus@icculus.org> yes upstream upstream, 2.0.3, commit:a1e9b624ca10, commit:https://github.com/libsdl-org/SDL_image/commit/da6a5c54fdc0c926ab1233ae4792a1703c83e810 2018-01-24
CVE-2017-14442.patch bmp: don't overflow palette buffer with bogus biClrUsed values. "Ryan C. Gordon" <icculus@icculus.org> yes upstream upstream, 2.0.3, commit:37445f6180a8, commit:https://github.com/libsdl-org/SDL_image/commit/071a19952241576f2dcc579a9956e65555776e78 2018-01-24
CVE-2017-14448.patch xcf: deal with bogus data in rle tile decoding. "Ryan C. Gordon" <icculus@icculus.org> yes upstream backport, 2.0.3, commit:7df1580f1695, commit:https://github.com/libsdl-org/SDL_image/commit/8b6b94de1e4d228fef91a70f7f3bc4fc26d79cb2 2018-01-27
CVE-2017-14450.patch gif: report error on bogus LWZ data, instead of overflowing a buffer. "Ryan C. Gordon" <icculus@icculus.org> yes upstream upstream, 2.0.3, commit:45e750f92c84, commit:https://github.com/libsdl-org/SDL_image/commit/4c830d4862461b5d0b086289b251b850884cbd57 2018-01-27
CVE-2018-3837.patch pcx: don't overflow buffer if bytes-per-line is less than image width. "Ryan C. Gordon" <icculus@icculus.org> yes upstream backport, 2.0.3, commit:2938fc80591a, commit:https://github.com/libsdl-org/SDL_image/commit/f6769997411b2152ed48d0ec11a062e363bf94fd 2018-02-07
CVE-2018-3838.patch xcf: Prevent infinite loop and/or buffer overflow on bogus data. "Ryan C. Gordon" <icculus@icculus.org> yes upstream upstream, 2.0.3, commit:c5f9cbb5d2bb, commit:https://github.com/libsdl-org/SDL_image/commit/4e006adf42593e8b0fd34b99f6f7b0b66f1e64f5 2018-02-07
CVE-2018-3839.patch xcf: check for some potential integer overflows. "Ryan C. Gordon" <icculus@icculus.org> yes upstream upstream, 2.0.3, commit:fb643e371806, commit:https://github.com/libsdl-org/SDL_image/commit/f9ad7549ad71609f6ea47c5951c7e09ad5d1a104.patch 2018-02-07
CVE-2018-3977.patch xcf: Fix potential buffer overflow on corrupt or maliciously-crafted XCF file. "Ryan C. Gordon" <icculus@icculus.org> yes upstream upstream, 2.0.4, commit:170d7d32e4a8, commit:https://github.com/libsdl-org/SDL_image/commit/8373c58aa8c66e67e714e7a7caf8bd54ef162eac 2018-09-26
CVE-2019-12218.patch Fixed TALOS-2019-0841, heap buffer overflow exploit
Also fixed loading some images with incorrect palette location
Sam Lantinga <slouken@libsdl.org> yes upstream backport, 2.0.5, commit:7453e79c8cdb, commit:https://github.com/libsdl-org/SDL_image/commit/782d29a101351cf48c9e9f42e625f76027a93c5d 2021-12-05
CVE-2019-5052.patch Fixed TALOS-2019-0821, reading invalid data from the file when bpl is -1 Sam Lantinga <slouken@libsdl.org> no upstream, 2.0.5, commit:b920be2b3fc6, commit:https://github.com/libsdl-org/SDL_image/commit/802a9ecaad2cebb18223ba69d6570069725c6a0d 2019-06-10
IMG_pcx-out-of-bounds.patch Fixed bug 4628 - SEGV_UNKNOW in function SDL_free_REAL at SDL_malloc.c:5372-5

The PCX format specifies pcxh.BytesPerLine, which represents the size of a
single plane's scanline in bytes. Valid PCX images should have
pcxh.BytesPerLine >= surface->pitch.

pcxh.BytesPerLine and surface->pitch can legitimately be different because
pcxh.BytesPerLine is padded to be a multiple of machine word length (where
file was created).

If src_bits == 8 we directly read a whole scanline from src to row. This is
a problem in the case where bpl > surface->pitch because row is too small.

This allows an attacker to perform unlimited OOB write on the heap.

+ remove pointless check bpl > surface->pitch, this is a valid situation
+ make sure we always read into buf which is big enough
+ in the case where src_bits == 8: copy these bytes back to row afterwar
Sam Lantinga <slouken@libsdl.org> yes upstream upstream, 2.0.5, commit:e7e9786a1a34, commit:https://github.com/libsdl-org/SDL_image/commit/1559b5ce67e25c8de65f0d4af020c1ec50cb7b85 2019-06-10
CVE-2019-7635.patch Fixed CVE-2019-7635 and bug 4498 - Heap-Buffer Overflow in Blit1to4 pertaining to SDL_blit_1.c

The root cause is that the POC BMP file declares 3 colors used and 4
bpp palette, but pixel at line 28 and column 1 (counted from 0) has
color number 3. Then when the image loaded into a surface is passed to
SDL_DisplayFormat(), in order to convert it to a video format, a used
blitting function looks up a color number 3 in a 3-element long color
blitting map. (The map obviously has the same number entries as the
surface format has colors.)

Proper fix should refuse broken BMP images that have a pixel with a
color index higher than declared number of "used" colors. Possibly more
advanced fix could try to relocate the out-of-range color index into a
vacant index (if such exists).
Sam Lantinga <slouken@libsdl.org> yes upstream upstream, 2.0.5, commit:03bd33e8cb49, commit:https://github.com/libsdl-org/SDL_image/commit/66d067c406bc01b516a2cae804f5d09768f73855 2021-12-05
CVE-2019-5058.patch Fixed TALOS-2019-0842 - XCF Image Code Execution Vulnerability
This patch addresses a bug in a previous security patch for CVE-2018-3977.
The initial patch failing to address this issue, the bug was "re-discovered"
later and addressed CVE-2019-5058.
Sam Lantinga <slouken@libsdl.org> yes upstream upstream, 2.0.5, commit:b1a80aec2b10, commit:https://github.com/libsdl-org/SDL_image/commit/0c1db6f7bcf62feb897bc639976d118d2f3fa51b 2019-06-10
CVE-2019-5059.patch Fixed TALOS-2019-0843 - XPM image color code code execution vulnerability

By providing a sufficiently large ncolors and cpp value, the buffer
allocation size can overflow into a size too small to hold the color
code string. This causes the memcpy to cause a heap overflow, potentially
resulting in code execution.
Sam Lantinga <slouken@libsdl.org> yes upstream backport, 2.0.5, commit:https://github.com/libsdl-org/SDL_image/commit/52b9d17eaf7b121c92328ce5d70c22be5739b0be 2019-06-10
CVE-2019-5060.patch Fixed TALOS-2019-0844 - XPM image colorhash parsing Code Execution Vulnerability

The table entry in the color_hash is created in the create_colorhash
function based on the number of colors passed into the function. The
size of the color_hash table is the first value in the powers of
2 larger than the passed in number of colors [2]. The size of the
allocation is this calculated value * 8 (sizeof(struct hash_entry **))
[3]. This multiplication can cause an overflow, resulting in a very
small allocation.
Sam Lantinga <slouken@libsdl.org> yes upstream backport, 2.0.5, commit:https://github.com/libsdl-org/SDL_image/commit/585b17706cbf1f553bfc507dd9ccbb8253611c9b 2019-06-11
CVE-2019-13616.patch Fixed bug 4538 - validate image size when loading BMP files Ozkan Sezer <sezeroz@gmail.com> yes upstream upstream, https://github.com/libsdl-org/SDL_image/commit/e12c931e5bb260821ac7f11833eb627331779dcf 2019-07-30
showimage-Add-save-and-quit-options.patch showimage: Add -save and -quit options
This allows showimage to be used as a non-interactive smoke-test to
check that the SDL_image library can be linked against successfully.
Simon McVittie <smcv@collabora.com> no 2019-09-23
bug809038.patch Fixed bug Bug 3214 - SDL_image causes "libpng warning: Interlace handling should be turned on when using png_read_image" when loading
interlaced images

Hans de Goede

When starting an app which uses SDL_image to load interlaced png-s with a recent libpng, the following message is printed to the terminal:

libpng warning: Interlace handling should be turned on when using png_read_image

Once per loaded png. The attached patch fixes this.
Sam Lantinga <slouken@libsdl.org> no backport, 2.0.3, commit:e63624fb63e063be67c788c29a3616ae02c18e99 2018-02-07
png-fixes-for-building-against-libpng-1.6-and-fn.pointer-.patch png: fixes for building against libpng-1.6, and fn.pointer type fixes.

from default branch commits f83e70f2ec6c, 4c41cee3e961, 777206f89dd2,
4c73e89f2551, 43873c313f32, e729829dbfc2, 4078e65827ea, ace61a625208,
218eb926ba90, 71f0d661144f, and 4b70bfe18fb7 -- bugs 1884, 1912, 3082,
and 3214.
Ozkan Sezer <sezeroz@gmail.com> no debian upstream, commit:019f68f9f9460bdc37e5098d360ebc85758cae5c 2018-10-14
IMG_webp.c-update-to-accomodate-libwebp-abi-changes-since.patch IMG_webp.c: update to accommodate libwebp abi changes since v0.1.99:
libwebp < v0.1.99 is incompatible with current versions of the library
because the decode function signatures have changed to use size_t over
int/uint32_t.

This changeset backports three SDL2 commits listed below and copies the
Windows and OSX binaries to match it. It also adds compile time checks
for (WEBP_DECODER_ABI_VERSION < 0x0100) in order to properly define the
function pointers: WEBP_DECODER_ABI_VERSION values are from decoder.h
header as found in libwebp git tags at:
https://chromium.googlesource.com/webm/libwebp/+refs
0x0100 corresponds to the abi version in 0.1.99 prerelease version.

Backported SDL2 commits are as follows:
r360: https://hg.libsdl.org/SDL_image/rev/3d002acf103d
r378: https://hg.libsdl.org/SDL_image/rev/f83e70f2ec6c
r531: https://hg.libsdl.org/SDL_image/rev/4491ac456363
Ozkan Sezer <sezeroz@gmail.com> no debian upstream, commit:abb2c39f0326bd5ec3ebde314907c71a8487e997 2018-10-17
