CVE-2017-14442Improper Restriction of Operations within the Bounds of a Memory Buffer in SDL Image

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources
Severity
8.8HIGHNVD
EPSS
1.5%
top 18.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
SAM Lantinga AND Mattias Engdeg RD Simple Directmedia LayerDebian LinuxLibsdl SDL Image
Timeline
PublishedApr 24
Latest updateMay 13

Description

An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDlibsdl/sdl_image2.0.2

Also affects: Debian Linux 7.0, 8.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-p3xm-vpj8-m644: An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-22022-05-13
OSV
CVE-2017-14442: An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-22018-04-24
CVEList
CVE-2017-14442: An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-22018-04-24

📋Vendor Advisories

1
Debian
CVE-2017-14442: libsdl2-image - An exploitable code execution vulnerability exists in the BMP image rendering fu...2017

💬Community

3
Bugzilla
CVE-2017-14442 SDL2_image: code execution in the BMP image rendering [epel-7]2018-03-06
Bugzilla
CVE-2017-14442 SDL2_image: code execution in the BMP image rendering2018-03-06
Bugzilla
CVE-2017-14442 SDL2_image: code execution in the BMP image rendering [fedora-all]2018-03-06
CVE-2017-14442 — Libsdl SDL Image vulnerability | cvebase