Mandriva Update For SDL_image MDVSA-2008:040 (SDL_image) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The LWZReadByte() and IMG_LoadLBM_RW() functions in SDL_image contain a boundary error that could be triggered to cause a static buffer overflow and a heap-based buffer overflow. If a user using an application linked against the SDL_image library were to open a carefully crafted GIF or IFF ILBM file, the application could crash or possibly allow for the execution of arbitrary code. The updated packages have been patched to correct this issue.

Affected

SDL_image on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64

Severity

Classification

CVE CVE-2007-6697, CVE-2008-0544
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)
Mandrake Security Advisory MDVSA-2009:005 (xterm)
Mandrake Security Advisory MDVSA-2009:078 (evolution-data-server)
Mandrake Security Advisory MDVSA-2009:088 (wireshark)
Mandrake Security Advisory MDVSA-2009:093 (mpg123)

Mandriva Update for SDL_image MDVSA-2008:040 (SDL_image)

Take action and discover your vulnerabilities