CVE-2017-14449

Published: 24 April 2018

A double-free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a double-free condition to occur. An attacker can display a specially crafted image to trigger this vulnerability.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package | Release | Status
libsdl2-image (Launchpad, Ubuntu, Debian) | Upstream | Released (2.0.3+dfsg1-1)
libsdl2-image | Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable (2.0.3+dfsg1-1)
libsdl2-image | Ubuntu 16.04 ESM (Xenial Xerus) | Released (2.0.1+dfsg-2+deb9u1build0.16.04.1)
libsdl2-image | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was released [2.0.0+dfsg-3+deb8u1build0.14.04.1])
sdl-image1.2 (Launchpad, Ubuntu, Debian) | Upstream | Not vulnerable (code not present)
sdl-image1.2 | Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable (code not present)
sdl-image1.2 | Ubuntu 16.04 ESM (Xenial Xerus) | Not vulnerable (code not present)
sdl-image1.2 | Ubuntu 14.04 ESM (Trusty Tahr) | Not vulnerable (code not present)