CVE-2017-14449 — Double Free in SDL Image

CWE-415 — Double Free8 documents6 sources

Severity

8.8HIGHNVD

CNA7.5

EPSS

0.6%

top 29.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAM Lantinga AND Mattias Engdeg RD Simple Directmedia Layer Debian Linux Libsdl SDL Image

Timeline

PublishedApr 24

Latest updateMay 13

Description

A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDlibsdl/sdl_image2.0.2

▶CVEListV5sam_lantinga_and_mattias_engdeg_rd/simple_directmedia_layerSDL2_image 2.0.2

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-xgp4-8gx6-q392: A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2↗2022-05-13

▶

OSV

CVE-2017-14449: A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2↗2018-04-24

▶

CVEList

CVE-2017-14449: A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2↗2018-04-24

▶

📋Vendor Advisories

Debian

CVE-2017-14449: libsdl2-image - A double-Free vulnerability exists in the XCF image rendering functionality of S...↗2017

▶

💬Community

Bugzilla

CVE-2017-14449 SDL2_image: double-Free in the XCF image rendering↗2018-03-06

▶

Bugzilla

CVE-2017-14449 SDL2_image: double-Free in the XCF image rendering [fedora-all]↗2018-03-06

▶

Bugzilla

CVE-2017-14449 SDL2_image: double-Free in the XCF image rendering [epel-7]↗2018-03-06

▶