OVAL Reference oval:org.opensuse.security:def:20172887

Oval Definition:

oval:org.opensuse.security:def:20172887

Revision Date:	2022-06-30	Version:	1
Title:	CVE-2017-2887
Description:	An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2017-2887 Mitre CVE-2017-2887 SUSE CVE-2017-2887 openSUSE-SU-2018:0490-1
Platform(s):	openSUSE Leap 42.3 openSUSE Tumbleweed	Product(s):
Definition Synopsis
openSUSE Leap 42.3 is installed AND Package Information SDL2_image-2.0.0-13.7 is installed AND SDL2_image is signed with openSUSE key OR SDL_image-1.2.12-16.3 is installed AND SDL_image is signed with openSUSE key OR libSDL2_image-2_0-0-2.0.0-13.7 is installed AND libSDL2_image-2_0-0 is signed with openSUSE key OR libSDL2_image-2_0-0-32bit-2.0.0-13.7 is installed AND libSDL2_image-2_0-0-32bit is signed with openSUSE key OR libSDL2_image-devel-2.0.0-13.7 is installed AND libSDL2_image-devel is signed with openSUSE key OR libSDL2_image-devel-32bit-2.0.0-13.7 is installed AND libSDL2_image-devel-32bit is signed with openSUSE key OR libSDL_image-1_2-0-1.2.12-16.3 is installed AND libSDL_image-1_2-0 is signed with openSUSE key OR libSDL_image-1_2-0-32bit-1.2.12-16.3 is installed AND libSDL_image-1_2-0-32bit is signed with openSUSE key OR libSDL_image-devel-1.2.12-16.3 is installed AND libSDL_image-devel is signed with openSUSE key OR libSDL_image-devel-32bit-1.2.12-16.3 is installed AND libSDL_image-devel-32bit is signed with openSUSE key
Definition Synopsis
openSUSE Tumbleweed is installed AND Package Information libSDL2_image-2_0-0-2.0.5-1.14 is installed OR libSDL2_image-2_0-0-32bit-2.0.5-1.14 is installed OR libSDL2_image-devel-2.0.5-1.14 is installed OR libSDL2_image-devel-32bit-2.0.5-1.14 is installed

BACK