Multiple vulnerabilities have been found in the image loading library for Simple DirectMedia Layer, the worst of which could result in the remote execution of arbitrary code.
|Package||media-libs/sdl2-image on all architectures|
|Affected versions||< 2.0.4|
|Unaffected versions||>= 2.0.4|
SDL_image is an image file library that loads images as SDL surfaces, and supports various formats like BMP, GIF, JPEG, LBM, PCX, PNG, PNM, TGA, TIFF, XCF, XPM, and XV.
Multiple vulnerabilities have been discovered in SDL2_Image. Please review the CVE identifiers referenced below for details.
A remote attacker, by enticing a user to process a specially crafted image file, could execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information.
There is no known workaround at this time.
All SDL2_Image users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/sdl2-image-2.0.4"