Information Disclosure Vulnerability in Simple DirectMedia Layer SDL2_image by Simple DirectMedia Layer
CVE-2018-3838

5.3MEDIUM

Key Information:

Vendor
Cisco
Status
Simple Directmedia
Vendor
CVE Published:
10 April 2018

Summary

An exploitable information disclosure vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. By presenting a specially crafted XCF image to the user, an attacker can trigger an out-of-bounds read on the heap, potentially leading to the exposure of sensitive information. This vulnerability requires careful handling of image processing within the affected software to prevent security risks.

Affected Version(s)

Simple DirectMedia Simple DirectMedia Layer SDL2_image 2.0.2

References

https://www.debian.org/security/2018/dsa-4177
vendor-advisoryx_refsource_DEBIAN
https://www.debian.org/security/2018/dsa-4184
vendor-advisoryx_refsource_DEBIAN
https://security.gentoo.org/glsa/201903-17
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.