Information Disclosure Vulnerability in Simple DirectMedia Layer SDL2_image by Simple DirectMedia Layer
CVE-2018-3838

5.3MEDIUM

Key Information:

Vendor: Cisco
Status: Simple Directmedia
Vendor: CVE Published:; 10 April 2018

What is CVE-2018-3838?

An exploitable information disclosure vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. By presenting a specially crafted XCF image to the user, an attacker can trigger an out-of-bounds read on the heap, potentially leading to the exposure of sensitive information. This vulnerability requires careful handling of image processing within the affected software to prevent security risks.

Affected Version(s)

Simple DirectMedia Simple DirectMedia Layer SDL2_image 2.0.2

References

https://www.debian.org/security/2018/dsa-4177

vendor-advisoryx_refsource_DEBIAN

https://www.debian.org/security/2018/dsa-4184

vendor-advisoryx_refsource_DEBIAN

https://security.gentoo.org/glsa/201903-17

vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2018
Vulnerability Reserved
Jan 2, 2018

Cisco

What is CVE-2018-3838?

Affected Version(s)

References

CVSS V3.1

Timeline