Source: libsdl2-image Version: 2.8.8+dfsg-2 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Control: clone -1 -2 -3 Control: reassign -2 src:libsdl3-image 3.4.0+ds-1 Control: retitle -2 libsdl3-image: CVE-2026-35444 Control: reassign -3 src:sdl-image1.2 1.2.12-14 Control: retitle -3 sdl-image1.2: CVE-2026-35444
Hi, The following vulnerability was published for libsdl2-image. CVE-2026-35444[0]: | SDL_image is a library to load images of various formats as SDL | surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values | from decoded XCF tile data are used directly as colormap indices | without validating them against the colormap size (cm_num). A | crafted .xcf file with a small colormap and out-of-range pixel | indices causes heap out-of-bounds reads of up to 762 bytes past the | colormap allocation. Both IMAGE_INDEXED code paths are affected | (bpp=1 and bpp=2). The leaked heap bytes are written into the output | surface pixel data, making them potentially observable in the | rendered image. This vulnerability is fixed with commit | 996bf12888925932daace576e09c3053410896f8. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-35444 https://www.cve.org/CVERecord?id=CVE-2026-35444 [1] https://github.com/libsdl-org/SDL_image/security/advisories/GHSA-gq8w-x74c-h6p7 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
