Debian Package Tracker

libsdl2-image

general
  • source: libsdl2-image (main)
  • version: 2.8.8+dfsg-2
  • maintainer: Debian SDL packages maintainers (archive) (DMD)
  • uploaders: Simon McVittie [DMD] – Manuel A. Fernandez Montecelo [DMD] – Felix Geyer [DMD]
  • arch: any
  • std-ver: 4.7.2
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 2.0.5+dfsg1-2
  • oldstable: 2.6.3+dfsg-1
  • stable: 2.8.8+dfsg-1
  • testing: 2.8.8+dfsg-2
  • unstable: 2.8.8+dfsg-2
versioned links
  • 2.0.5+dfsg1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.6.3+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.8.8+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.8.8+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libsdl2-image-2.0-0
  • libsdl2-image-dev
  • libsdl2-image-tests
action needed
A new upstream version is available: 2.8.10 high
A new upstream version 2.8.10 is available, you should consider packaging it.
Created: 2026-04-08 Last update: 2026-04-08 16:30
1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:
  • CVE-2026-35444: SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file with a small colormap and out-of-range pixel indices causes heap out-of-bounds reads of up to 762 bytes past the colormap allocation. Both IMAGE_INDEXED code paths are affected (bpp=1 and bpp=2). The leaked heap bytes are written into the output surface pixel data, making them potentially observable in the rendered image. This vulnerability is fixed with commit 996bf12888925932daace576e09c3053410896f8.
Created: 2026-04-07 Last update: 2026-04-07 15:00
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2026-35444: SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file with a small colormap and out-of-range pixel indices causes heap out-of-bounds reads of up to 762 bytes past the colormap allocation. Both IMAGE_INDEXED code paths are affected (bpp=1 and bpp=2). The leaked heap bytes are written into the output surface pixel data, making them potentially observable in the rendered image. This vulnerability is fixed with commit 996bf12888925932daace576e09c3053410896f8.
Created: 2026-04-07 Last update: 2026-04-07 15:00
1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:
  • CVE-2026-35444: SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file with a small colormap and out-of-range pixel indices causes heap out-of-bounds reads of up to 762 bytes past the colormap allocation. Both IMAGE_INDEXED code paths are affected (bpp=1 and bpp=2). The leaked heap bytes are written into the output surface pixel data, making them potentially observable in the rendered image. This vulnerability is fixed with commit 996bf12888925932daace576e09c3053410896f8.
Created: 2026-04-07 Last update: 2026-04-07 15:00
1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:
  • CVE-2026-35444: SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file with a small colormap and out-of-range pixel indices causes heap out-of-bounds reads of up to 762 bytes past the colormap allocation. Both IMAGE_INDEXED code paths are affected (bpp=1 and bpp=2). The leaked heap bytes are written into the output surface pixel data, making them potentially observable in the rendered image. This vulnerability is fixed with commit 996bf12888925932daace576e09c3053410896f8.
Created: 2026-04-07 Last update: 2026-04-07 15:00
1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:
  • CVE-2026-35444: SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file with a small colormap and out-of-range pixel indices causes heap out-of-bounds reads of up to 762 bytes past the colormap allocation. Both IMAGE_INDEXED code paths are affected (bpp=1 and bpp=2). The leaked heap bytes are written into the output surface pixel data, making them potentially observable in the rendered image. This vulnerability is fixed with commit 996bf12888925932daace576e09c3053410896f8.
Created: 2026-04-07 Last update: 2026-04-07 15:00
version in VCS is newer than in repository, is it time to upload? normal
vcswatch reports that this package seems to have a new changelog entry (version 2.8.8+dfsg-3, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit fe7c4933b6e89e4fa77d385d20b79020dc9ee013
Author: Simon McVittie <smcv@debian.org>
Date:   Sat Feb 21 11:02:56 2026 +0000

    d/source/lintian-overrides: Remove
    
    This should no longer be needed: the Lintian bug has been fixed.

commit b1d3508bb316c29999b15bfb050bbbea707120d6
Author: Simon McVittie <smcv@debian.org>
Date:   Fri Jan 16 13:59:42 2026 +0000

    d/upstream-signing-key.asc: Accept Sam's new signing key
    
    Reference: https://github.com/libsdl-org/SDL/issues/14796

commit b43ad5f368e513e93f98ae5b1d6074b4545a0af0
Author: Simon McVittie <smcv@debian.org>
Date:   Fri Jan 2 18:33:12 2026 +0000

    Update changelog

commit 608d52ae4e703434ed860e9a1c924cb8372628f6
Author: Simon McVittie <smcv@debian.org>
Date:   Fri Jan 2 18:32:49 2026 +0000

    d/control: Remove Priority field, no longer needed

commit 4f7887fcfa6f980b6a4ee22172f387b85488bac1
Author: Simon McVittie <smcv@debian.org>
Date:   Fri Jan 2 18:32:30 2026 +0000

    d/control: Standards-Version: 4.7.3 (no changes required)
Created: 2026-01-02 Last update: 2026-04-07 00:00
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.2).
Created: 2025-12-23 Last update: 2026-03-31 15:01
news
  • [2025-12-26] libsdl2-image 2.8.8+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2025-12-20] Accepted libsdl2-image 2.8.8+dfsg-2 (source) into unstable (Simon McVittie)
  • [2025-03-09] libsdl2-image 2.8.8+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2025-03-04] Accepted libsdl2-image 2.8.8+dfsg-1 (source) into unstable (Simon McVittie)
  • [2025-03-03] Accepted libsdl2-image 2.8.6+dfsg-2 (source) into unstable (Simon McVittie)
  • [2025-03-03] Accepted libsdl2-image 2.8.6+dfsg-1 (source) into unstable (Simon McVittie)
  • [2025-02-14] libsdl2-image 2.8.5+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2025-02-08] Accepted libsdl2-image 2.8.5+dfsg-1 (source) into unstable (Simon McVittie)
  • [2025-01-05] libsdl2-image 2.8.4+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2024-12-30] Accepted libsdl2-image 2.8.4+dfsg-1 (source) into unstable (Simon McVittie)
  • [2024-01-08] libsdl2-image 2.8.2+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2024-01-02] Accepted libsdl2-image 2.8.2+dfsg-1 (source) into unstable (Simon McVittie)
  • [2023-12-21] libsdl2-image 2.8.1+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2023-12-15] Accepted libsdl2-image 2.8.1+dfsg-1 (source) into unstable (Simon McVittie)
  • [2023-12-12] libsdl2-image 2.8.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2023-12-07] Accepted libsdl2-image 2.8.0+dfsg-1 (source) into unstable (Simon McVittie)
  • [2023-07-22] libsdl2-image 2.6.3+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2023-07-16] Accepted libsdl2-image 2.6.3+dfsg-2 (source) into unstable (Simon McVittie)
  • [2023-02-19] libsdl2-image 2.6.3+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2023-02-09] Accepted libsdl2-image 2.6.3+dfsg-1 (source) into unstable (Simon McVittie)
  • [2022-11-03] libsdl2-image 2.6.2+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2022-10-28] Accepted libsdl2-image 2.6.2+dfsg-2 (source) into unstable (Simon McVittie)
  • [2022-09-04] libsdl2-image 2.6.2+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2022-09-04] Accepted libsdl2-image 2.6.2+dfsg-1 (source) into unstable (Simon McVittie)
  • [2022-07-15] libsdl2-image 2.6.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2022-07-09] Accepted libsdl2-image 2.6.0+dfsg-1 (source) into unstable (Simon McVittie)
  • [2022-06-17] Accepted libsdl2-image 2.5.2+dfsg-1 (source) into experimental (Simon McVittie)
  • [2022-05-30] Accepted libsdl2-image 2.5.1+dfsg-2 (source) into experimental (Simon McVittie)
  • [2022-05-27] Accepted libsdl2-image 2.5.1+dfsg-1+newqueue (amd64 source) into experimental, experimental (Debian FTP Masters) (signed by: Simon McVittie)
  • [2022-05-27] Accepted libsdl2-image 2.5.0~git20220525+g2b8e888+dfsg-2 (amd64 source) into experimental, experimental (Debian FTP Masters) (signed by: Simon McVittie)
bugs [bug history graph]
  • all: 1
  • RC: 0
  • I&N: 1
  • M&W: 0
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debci
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 2.8.8+dfsg-2

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers