LWN.net Logo

Advertisement

Linux Plumbers Conference

Userspace and kernelspace - together at last!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Handling kernel security problems

What Red Hat and Firestar agreed to

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ
Rackspace.com

SDL_image: buffer overflows

Package(s):SDL_image CVE #(s):CVE-2007-6697 CVE-2008-0544
Created:February 8, 2008 Updated:March 27, 2008
Description: From the Mandriva advisory: The LWZReadByte() and IMG_LoadLBM_RW() functions in SDL_image contain a boundary error that could be triggered to cause a static buffer overflow and a heap-based buffer overflow. If a user using an application linked against the SDL_image library were to open a carefully crafted GIF or IFF ILBM file, the application could crash or possibly allow for the execution of arbitrary code.
Alerts:
Mandriva MDVSA-2008:040 2007-02-07
Debian DSA-1493-1 2008-02-10
rPath rPSA-2008-0061-1 2008-02-13
Debian DSA-1493-2 2008-03-16
Ubuntu USN-595-1 2008-03-26
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.