Description: Fixed TALOS-2019-0842 - XCF Image Code Execution Vulnerability This patch addresses a bug in a previous security patch for CVE-2018-3977. The initial patch failing to address this issue, the bug was "re-discovered" later and addressed CVE-2019-5058. Author: Sam Lantinga <slouken@libsdl.org> Origin: upstream, https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10 --- a/IMG_xcf.c 2019-08-08 15:28:56.008856406 +0200 +++ b/IMG_xcf.c 2019-08-08 15:29:17.322145207 +0200 @@ -634,7 +634,7 @@ p16 = (Uint16 *) p8; p = (Uint32 *) p8; for (y=ty; y < ty+oy; y++) { - if ((ty >= surface->h) || ((tx+ox) > surface->w)) { + if ((y >= surface->h) || ((tx+ox) > surface->w)) { break; } row = (Uint32 *)((Uint8 *)surface->pixels + y*surface->pitch + tx*4);
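Review bot: in the bounds check at the top of the `for (y=ty; y < ty+oy; y++)` loop, the `(tx+ox) > surface->w` half does not depend on `y`, so it can be tested once before the loop, and the loop bound can be clamped to `surface->h` instead of breaking out per row. That keeps the invariant (every `row` computed from `y*surface->pitch + tx*4` stays inside `surface->pixels`) in one place, where a later change is less likely to test the wrong variable again, as the `ty` versus `y` mix-up did. The check also covers only upper bounds: nothing in the visible lines rejects a negative `tx` or `ty`, so if those are signed, confirm they are validated before this loop. Because the `break` silently truncates a tile that does not fit, consider reporting an error for the malformed file, and add a regression test with a tile whose `ty` is inside the surface but whose `ty+oy` extends past `surface->h`, which is the case the earlier check let through.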