Code Execution Vulnerability in SDL2_image by Simple DirectMedia Layer
CVE-2018-3839

7.5HIGH

Key Information:

Vendor: Cisco
Status: Simple Directmedia
Vendor: CVE Published:; 10 April 2018

What is CVE-2018-3839?

A vulnerability exists within the XCF image rendering functionality of SDL2_image version 2.0.2 that allows for an out-of-bounds write on the heap. This is triggered when a specially crafted XCF image is processed, potentially leading to arbitrary code execution by attackers. The exploit can enable attackers to manipulate images in a way that compromises the system's integrity and security by running malicious code.

Affected Version(s)

Simple DirectMedia Simple DirectMedia Layer SDL2_image 2.0.2

References

https://www.debian.org/security/2018/dsa-4177

vendor-advisory

https://www.debian.org/security/2018/dsa-4184

vendor-advisory

https://security.gentoo.org/glsa/201903-17

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2018
Vulnerability Reserved
Jan 2, 2018

Cisco

What is CVE-2018-3839?

Affected Version(s)

References

CVSS V3.1

Timeline