vuln-list-alt/oval/c9f2/ALT-PU-2018-3678/definitions.json
2024-06-28 13:17:52 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20183678",
"Version": "oval:org.altlinux.errata:def:20183678",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-3678: package `SDL2_image` update to version 2.0.3-alt1.S1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-3678",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-3678",
"Source": "ALTPU"
},
{
"RefID": "BDU:2018-01510",
"RefURL": "https://bdu.fstec.ru/vul/2018-01510",
"Source": "BDU"
},
{
"RefID": "CVE-2017-12122",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12122",
"Source": "CVE"
},
{
"RefID": "CVE-2017-14440",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-14440",
"Source": "CVE"
},
{
"RefID": "CVE-2017-14441",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-14441",
"Source": "CVE"
},
{
"RefID": "CVE-2017-14442",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-14442",
"Source": "CVE"
},
{
"RefID": "CVE-2017-14448",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-14448",
"Source": "CVE"
},
{
"RefID": "CVE-2017-14449",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-14449",
"Source": "CVE"
},
{
"RefID": "CVE-2017-14450",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-14450",
"Source": "CVE"
},
{
"RefID": "CVE-2018-3837",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-3837",
"Source": "CVE"
},
{
"RefID": "CVE-2018-3838",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-3838",
"Source": "CVE"
},
{
"RefID": "CVE-2018-3839",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-3839",
"Source": "CVE"
}
],
"Description": "This update upgrades SDL2_image to version 2.0.3-alt1.S1. \nSecurity Fix(es):\n\n * BDU:2018-01510: Уязвимость библиотеки загрузки изображений sdl-image, связанная с ошибками работы с памятью, позволяющая нарушителю вызвать отказ в обслуживании или нарушить целостность данных\n\n * CVE-2017-12122: An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.\n\n * CVE-2017-14440: An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.\n\n * CVE-2017-14441: An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.\n\n * CVE-2017-14442: An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.\n\n * CVE-2017-14448: An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.\n\n * CVE-2017-14449: A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability.\n\n * CVE-2017-14450: A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability.\n\n * CVE-2018-3837: An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability.\n\n * CVE-2018-3838: An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability.\n\n * CVE-2018-3839: An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-04-08"
},
"Updated": {
"Date": "2024-04-08"
},
"BDUs": [
{
"ID": "BDU:2018-01510",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2018-01510",
"Impact": "High",
"Public": "20180424"
}
],
"CVEs": [
{
"ID": "CVE-2017-12122",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12122",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-14440",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-14440",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-14441",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-14441",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-14442",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-14442",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-14448",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-14448",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-14449",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-415",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-14449",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-14450",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-14450",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2018-3837",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-3837",
"Impact": "Low",
"Public": "20180410"
},
{
"ID": "CVE-2018-3838",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-3838",
"Impact": "Low",
"Public": "20180410"
},
{
"ID": "CVE-2018-3839",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-3839",
"Impact": "High",
"Public": "20180410"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20183678001",
"Comment": "libSDL2_image is earlier than 0:2.0.3-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20183678002",
"Comment": "libSDL2_image-devel is earlier than 0:2.0.3-alt1.S1"
}
]
}
]
}
}
]
}