CVE-2017-14441 — Integer Overflow or Wraparound in SDL Image

CWE-190 — Integer Overflow or Wraparound8 documents6 sources

Severity

8.8HIGHNVD

EPSS

1.3%

top 20.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAM Lantinga AND Mattias Engdeg RD Simple Directmedia Layer Debian Linux Libsdl SDL Image

Timeline

PublishedApr 24

Latest updateMay 13

Description

An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDlibsdl/sdl_image2.0.2

▶CVEListV5sam_lantinga_and_mattias_engdeg_rd/simple_directmedia_layerSDL2_image 2.0.2

Also affects: Debian Linux 7.0, 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-fjmx-7p86-hg32: An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2↗2022-05-13

▶

CVEList

CVE-2017-14441: An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2↗2018-04-24

▶

OSV

CVE-2017-14441: An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2↗2018-04-24

▶

📋Vendor Advisories

Debian

CVE-2017-14441: libsdl2-image - An exploitable code execution vulnerability exists in the ICO image rendering fu...↗2017

▶

💬Community

Bugzilla

CVE-2017-14441 SDL2_image: code execution in the ICO image rendering↗2018-03-06

▶

Bugzilla

CVE-2017-14441 SDL2_image: code execution vulnerability exists in the ICO image rendering [epel-7]↗2018-03-06

▶

Bugzilla

CVE-2017-14441 SDL2_image: code execution vulnerability exists in the ICO image rendering [fedora-all]↗2018-03-06

▶