{"affected":[{"ecosystem_specific":{"binaries":[{"libSDL2-2_0-0":"2.0.5-7.1","libSDL2-devel":"2.0.5-7.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"SDL2","purl":"pkg:rpm/suse/SDL2&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.5-7.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for SDL2 fixes the following issues:\n\n- CVE-2017-2888: An exploitable integer overflow vulnerability exists\n  when creating a new RGB Surface in SDL. A specially crafted file can cause\n  an integer overflow resulting in too little memory being allocated which\n  can lead to a buffer overflow and potential code execution. An attacker\n  can provide a specially crafted image file to trigger this vulnerability. (bsc#1062784)\n","id":"openSUSE-SU-2017:2893-1","modified":"2017-10-27T19:17:03Z","published":"2017-10-27T19:17:03Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1062784"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-2888"}],"related":["CVE-2017-2888"],"summary":"Security update for SDL2","upstream":["CVE-2017-2888"]}