CVE-2017-2887 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-2887 Interim 1 19 2023-12-08T01:39:43Z current 2021-05-30T13:50:29Z 2023-12-08T01:39:43Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-2887 An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15-ESPOS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server Business Critical Linux 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 openSUSE Leap 15.2 openSUSE Tumbleweed SDL2 libSDL2-2_0-0 libSDL2-2_0-0-32bit libSDL2-devel libSDL2_image-2_0-0-2.0.5-1.14 libSDL2_image-2_0-0-2.0.5-lp152.1.6 libSDL2_image-2_0-0-32bit-2.0.5-1.14 libSDL2_image-devel-2.0.5-1.14 libSDL2_image-devel-32bit-2.0.5-1.14 libSDL2_image-2_0-0-2.0.5-lp152.1.6 as a component of openSUSE Leap 15.2 libSDL2_image-2_0-0-2.0.5-1.14 as a component of openSUSE Tumbleweed libSDL2_image-2_0-0-32bit-2.0.5-1.14 as a component of openSUSE Tumbleweed libSDL2_image-devel-2.0.5-1.14 as a component of openSUSE Tumbleweed libSDL2_image-devel-32bit-2.0.5-1.14 as a component of openSUSE Tumbleweed libSDL2-2_0-0 as a component of SUSE CaaS Platform 4.0 libSDL2-2_0-0-32bit as a component of SUSE CaaS Platform 4.0 libSDL2-devel as a component of SUSE CaaS Platform 4.0 SDL2 as a component of SUSE CaaS Platform 4.0 SDL2 as a component of SUSE Enterprise Storage 6 libSDL2-2_0-0 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libSDL2-2_0-0-32bit as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libSDL2-devel as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SDL2 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libSDL2-2_0-0 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS libSDL2-2_0-0-32bit as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS libSDL2-devel as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS SDL2 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS libSDL2-2_0-0 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libSDL2-2_0-0-32bit as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libSDL2-devel as a component of SUSE Linux Enterprise Server 15 SP1-LTSS SDL2 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS SDL2 as a component of SUSE Linux Enterprise Server 15-ESPOS libSDL2-2_0-0 as a component of SUSE Linux Enterprise Server 15-LTSS libSDL2-2_0-0-32bit as a component of SUSE Linux Enterprise Server 15-LTSS libSDL2-devel as a component of SUSE Linux Enterprise Server 15-LTSS SDL2 as a component of SUSE Linux Enterprise Server 15-LTSS SDL2 as a component of SUSE Linux Enterprise Server Business Critical Linux 15 SP1 libSDL2-2_0-0 as a component of SUSE Linux Enterprise Server for SAP Applications 15 libSDL2-2_0-0-32bit as a component of SUSE Linux Enterprise Server for SAP Applications 15 libSDL2-devel as a component of SUSE Linux Enterprise Server for SAP Applications 15 SDL2 as a component of SUSE Linux Enterprise Server for SAP Applications 15 libSDL2-2_0-0 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 libSDL2-2_0-0-32bit as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 libSDL2-devel as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 SDL2 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 SDL2 as a component of SUSE Manager Proxy 4.0 SDL2 as a component of SUSE Manager Retail Branch Server 4.0 SDL2 as a component of SUSE Manager Server 4.0 An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability. CVE-2017-2887 openSUSE Leap 15.2:libSDL2_image-2_0-0-2.0.5-lp152.1.6 openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14 openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14 SUSE CaaS Platform 4.0:SDL2 SUSE CaaS Platform 4.0:libSDL2-2_0-0 SUSE CaaS Platform 4.0:libSDL2-2_0-0-32bit SUSE CaaS Platform 4.0:libSDL2-devel SUSE Enterprise Storage 6:SDL2 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:SDL2 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libSDL2-2_0-0 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libSDL2-2_0-0-32bit SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libSDL2-devel SUSE Linux Enterprise High Performance Computing 15-LTSS:SDL2 SUSE Linux Enterprise High Performance Computing 15-LTSS:libSDL2-2_0-0 SUSE Linux Enterprise High Performance Computing 15-LTSS:libSDL2-2_0-0-32bit SUSE Linux Enterprise High Performance Computing 15-LTSS:libSDL2-devel SUSE Linux Enterprise Server 15 SP1-LTSS:SDL2 SUSE Linux Enterprise Server 15 SP1-LTSS:libSDL2-2_0-0 SUSE Linux Enterprise Server 15 SP1-LTSS:libSDL2-2_0-0-32bit SUSE Linux Enterprise Server 15 SP1-LTSS:libSDL2-devel SUSE Linux Enterprise Server 15-ESPOS:SDL2 SUSE Linux Enterprise Server 15-LTSS:SDL2 SUSE Linux Enterprise Server 15-LTSS:libSDL2-2_0-0 SUSE Linux Enterprise Server 15-LTSS:libSDL2-2_0-0-32bit SUSE Linux Enterprise Server 15-LTSS:libSDL2-devel SUSE Linux Enterprise Server Business Critical Linux 15 SP1:SDL2 SUSE Linux Enterprise Server for SAP Applications 15 SP1:SDL2 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libSDL2-2_0-0 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libSDL2-2_0-0-32bit SUSE Linux Enterprise Server for SAP Applications 15 SP1:libSDL2-devel SUSE Linux Enterprise Server for SAP Applications 15:SDL2 SUSE Linux Enterprise Server for SAP Applications 15:libSDL2-2_0-0 SUSE Linux Enterprise Server for SAP Applications 15:libSDL2-2_0-0-32bit SUSE Linux Enterprise Server for SAP Applications 15:libSDL2-devel SUSE Manager Proxy 4.0:SDL2 SUSE Manager Retail Branch Server 4.0:SDL2 SUSE Manager Server 4.0:SDL2 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H