CVE-2017-14440 — Out-of-bounds Write in SDL Image

CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources

Severity

8.8HIGHNVD

EPSS

2.0%

top 16.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAM Lantinga AND Mattias Engdeg RD Simple Directmedia Layer Debian Linux Libsdl SDL Image

Timeline

PublishedApr 24

Latest updateMay 13

Description

An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDlibsdl/sdl_image2.0.2

▶CVEListV5sam_lantinga_and_mattias_engdeg_rd/simple_directmedia_layerSDL2_image 2.0.2

Also affects: Debian Linux 7.0, 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-9hhm-gpw6-h7cc: An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2↗2022-05-13

▶

CVEList

CVE-2017-14440: An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2↗2018-04-24

▶

OSV

CVE-2017-14440: An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2↗2018-04-24

▶

📋Vendor Advisories

Debian

CVE-2017-14440: libsdl2-image - An exploitable code execution vulnerability exists in the ILBM image rendering f...↗2017

▶

💬Community

Bugzilla

CVE-2017-14440 SDL2_image: code execution in the ILBM image rendering [epel-7]↗2018-03-06

▶

Bugzilla

CVE-2017-14440 SDL2_image: code execution in the ILBM image rendering↗2018-03-06

▶

Bugzilla

CVE-2017-14440 SDL2_image: code execution in the ILBM image rendering [fedora-all]↗2018-03-06

▶