SB20260612127 - Fedora 44 update for mingw-SDL2_image

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20260612127

SB20260612127 - Fedora 44 update for mingw-SDL2_image

Published: June 12, 2026

Security Bulletin ID SB20260612127
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Out-of-bounds read (CVE-ID: CVE-2026-35444)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in do_layer_surface() in src/IMG_xcf.c when parsing a crafted .xcf file containing out-of-range colormap indices. A remote attacker can trick the victim into opening a crafted file to disclose sensitive information.

The leaked heap bytes are written into the output surface pixel data and may be observable in the rendered image.


Remediation

Install update from vendor's website.

References