sdlimage

• Vulnerable: 1.2.6-1
• Unaffected: 1.2.6-2kalgan1

Two vulnerabilities have been reported in SDL_image, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

1. A boundary error within the “LWZReadByte()” function in IMG_gif.c can be exploited to trigger the overflow of a static buffer via a specially crafted GIF file.
2. A boundary error within the “IMG_LoadLBM_RW()” function in IMG_lbm.c can be exploited to cause a heap-based buffer overflow via a specially crafted IFF ILBM file.

• Bug Tracker URL: http://bugs.frugalware.org/task/2916

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6697
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0544