Errata ID | 581 |
---|---|
Date | 2019-09-11 |
Source package | sdl-image1.2 |
Fixed in version | 1.2.12-5+deb9u2 |
Description | This update addresses the following issues: * An exploitable code execution vulnerability exists in the XCF image rendering functionality. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. (CVE-2018-3977) * An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. (CVE-2019-5051) * An exploitable integer overflow vulnerability exists when loading a PCX file. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. (CVE-2019-5052) * An exploitable code execution vulnerability exists in the PCX image-rendering functionality. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. (CVE-2019-5057) * An exploitable code execution vulnerability exists in the XCF image rendering functionality. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. (CVE-2019-5058) * Heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635) * Heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW in IMG_pcx.c (CVE-2019-12216) * Null-pointer dereference in function stdio_read in file/SDL_rwops.c (CVE-2019-12217) * Null-pointer dereference in function IMG_LoadPCX_RW in IMG_pcx.c (CVE-2019-12218) * Invalid free error in function SDL_SetError_REAL (CVE-2019-12219) * Out-of-bounds read in function SDL_FreePalette_REAL in video/SDL_pixels.c (CVE-2019-12220) * Null-pointer dereference in function SDL_free_REAL in stdlib/SDL_malloc.c (CVE-2019-12221) * Out-of-bounds read in function SDL_InvalidateMap in video/SDL_pixels.c (CVE-2019-12222) |
Additional notes | |
CVE ID | CVE-2018-3977 CVE-2019-5051 CVE-2019-5052 CVE-2019-5057 CVE-2019-5058 CVE-2019-7635 CVE-2019-12216 CVE-2019-12217 CVE-2019-12218 CVE-2019-12219 CVE-2019-12220 CVE-2019-12221 CVE-2019-12222 |
UCS Bug number | #50163 |