openSUSE Security Update : SDL_image (openSUSE-2019-2071)

high Nessus Plugin ID 128540


The remote openSUSE host is missing a security update.


This update for SDL_image fixes the following issues:

Update SDL_image to new snapshot 1.2.12+hg695.

Security issues fixed:

- TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421)

- TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763)

- TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764)

- TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image handling (boo#1143766)

- TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768)

- CVE-2019-7635: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (boo#1124827)

- CVE-2019-13616: fix heap buffer overflow when reading a crafted BMP file (boo#1141844)


Update the affected SDL_image packages.


Plugin Details

Severity: High

ID: 128540

File Name: openSUSE-2019-2071.nasl

Version: 1.3

Type: local

Agent: unix

Published: 9/6/2019

Updated: 9/23/2020

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: Medium

Score: 6.7


CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C


CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:SDL_image-debugsource, p-cpe:/a:novell:opensuse:libSDL_image-1_2-0, p-cpe:/a:novell:opensuse:libSDL_image-1_2-0-32bit, p-cpe:/a:novell:opensuse:libSDL_image-1_2-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libSDL_image-1_2-0-debuginfo, p-cpe:/a:novell:opensuse:libSDL_image-devel, p-cpe:/a:novell:opensuse:libSDL_image-devel-32bit, cpe:/o:novell:opensuse:15.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 9/5/2019

Vulnerability Publication Date: 2/8/2019

Reference Information

CVE: CVE-2019-13616, CVE-2019-5052, CVE-2019-5057, CVE-2019-5058, CVE-2019-5059, CVE-2019-5060, CVE-2019-7635