Code Execution Vulnerability in SDL2_image by Simple DirectMedia Layer
CVE-2018-3839

7.5HIGH

Key Information:

Vendor
Cisco
Status
Simple Directmedia
Vendor
CVE Published:
10 April 2018

Summary

A vulnerability exists within the XCF image rendering functionality of SDL2_image version 2.0.2 that allows for an out-of-bounds write on the heap. This is triggered when a specially crafted XCF image is processed, potentially leading to arbitrary code execution by attackers. The exploit can enable attackers to manipulate images in a way that compromises the system's integrity and security by running malicious code.

Affected Version(s)

Simple DirectMedia Simple DirectMedia Layer SDL2_image 2.0.2

References

https://www.debian.org/security/2018/dsa-4177
vendor-advisory
https://www.debian.org/security/2018/dsa-4184
vendor-advisory
https://security.gentoo.org/glsa/201903-17
vendor-advisory

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.