CVE-2007-6697

Published: 01 February 2008

Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information.

Priority

Medium

Status

Package Release Status
sdl-image1.2
Launchpad, Ubuntu, Debian
Upstream
Released (1.2.7)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

Ubuntu 12.04 ESM (Precise Pangolin) Does not exist
(precise was not-affected)
Patches:
Vendor: http://www.debian.org/security/2008/dsa-1493
Debdiff: https://bugs.launchpad.net/ubuntu/+source/sdl-image1.2/+bug/185782
swi-prolog
Launchpad, Ubuntu, Debian
Upstream
Released
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist
(precise was needed)
Patches:
Upstream: http://www.swi-prolog.org/git/packages/xpce.git/commit/785efb7b94d28c7dbb5b4f2b6f5a908092cf7652