CVE-2018-3838

5.3MEDIUM

Key Information:

Vendor: Cisco
Status: Simple Directmedia
Vendor: CVE Published:; 10 April 2018

Summary

An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability.

Affected Version(s)

Simple DirectMedia Simple DirectMedia Layer SDL2_image 2.0.2

References

https://www.debian.org/security/2018/dsa-4177

vendor-advisoryx_refsource_DEBIAN

https://www.debian.org/security/2018/dsa-4184

vendor-advisoryx_refsource_DEBIAN

https://security.gentoo.org/glsa/201903-17

vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 10, 2018
Vulnerability Reserved
Jan 2, 2018

.