1
Candidate: CVE-2018-3838
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3838
5
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0520
7
An exploitable information vulnerability exists in the XCF image rendering
8
functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially
9
crafted XCF image can cause an out-of-bounds read on the heap, resulting in
10
information disclosure. An attacker can display a specially crafted image
11
to trigger this vulnerability.
20
Patches_libsdl2-image:
21
upstream: https://hg.libsdl.org/SDL_image/rev/c5f9cbb5d2bbcb2150ba0596ea56b49efeed660d
22
upstream_libsdl2-image: released (2.0.3+dfsg1-1)
23
precise/esm_libsdl2-image: DNE
24
trusty_libsdl2-image: released (2.0.0+dfsg-3+deb8u1build0.14.04.1)
25
xenial_libsdl2-image: released (2.0.1+dfsg-2+deb9u1build0.16.04.1)
26
artful_libsdl2-image: needs-triage
27
bionic_libsdl2-image: not-affected (2.0.3+dfsg1-1)
28
devel_libsdl2-image: not-affected (2.0.3+dfsg1-1)
31
upstream_sdl-image1.2: released (1.2.12-8)
32
precise/esm_sdl-image1.2: DNE
33
trusty_sdl-image1.2: released (1.2.12-5+deb9u1build0.14.04.1)
34
xenial_sdl-image1.2: released (1.2.12-5+deb9u1build0.16.04.1)
35
artful_sdl-image1.2: needs-triage
36
bionic_sdl-image1.2: not-affected (1.2.12-8)
37
devel_sdl-image1.2: not-affected (1.2.12-8)