FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-0544

This CVE name corresponds to:

Entered     Topic
2008-05-02  sdl_image -- buffer overflow vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type:  Candidate
Name:  CVE-2008-0544
Phase: Assigned (20080201)

Description

Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained from third party information.

References

Source Reference
BUGTRAQ 20080213 rPSA-2008-0061-1 SDL_image
CONFIRM http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?r1=3341&r2=3521
CONFIRM http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?revision=3521&view=markup
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=207933
CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0061
CONFIRM https://issues.rpath.com/browse/RPL-2206
DEBIAN DSA-1493
FEDORA FEDORA-2008-1208
FEDORA FEDORA-2008-1231
GENTOO GLSA-200802-01
MANDRIVA MDVSA-2008:040
UBUNTU USN-595-1
BID 27435
VUPEN ADV-2008-0266
SECUNIA 28640
SECUNIA 28850
SECUNIA 28830
SECUNIA 28752
SECUNIA 28869
SECUNIA 29542
XF sdlimage-imgloadlbmrw-bo(39899)