CVE-2017-2887Out-of-bounds Write in SDL Image

CWE-787Out-of-bounds Write11 documents6 sources
Severity
8.8HIGHNVD
EPSS
1.7%
top 17.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Talos Simple Direct MediaDebian LinuxLibsdl SDL Image
Timeline
PublishedOct 11
Latest updateMay 13

Description

An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDlibsdl/sdl_image2.0.1
CVEListV5talos/simple_direct_mediaSimple DirectMedia Layer SDL_image 2.0.1

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-hqjw-c32v-frhh: An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 22022-05-13
OSV
CVE-2017-2887: An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 22017-10-11
CVEList
CVE-2017-2887: An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 22017-10-11

📋Vendor Advisories

1
Debian
CVE-2017-2887: libsdl2-image - An exploitable buffer overflow vulnerability exists in the XCF property handling...2017

💬Community

6
Bugzilla
CVE-2017-2887 SDL_image: Incorrect XCF property handling2017-10-10
Bugzilla
CVE-2017-2887 SDL_image: Multiple vulnerabilities [epel-6]2017-10-10
Bugzilla
CVE-2017-2887 SDL_image: Multiple vulnerabilities [fedora-all]2017-10-10
Bugzilla
CVE-2017-2887 mingw-SDL_image: SDL_image: Multiple vulnerabilities [epel-7]2017-10-10
Bugzilla
CVE-2017-2887 mingw-SDL_image: SDL_image: Multiple vulnerabilities [fedora-all]2017-10-10
CVE-2017-2887 — Out-of-bounds Write in Libsdl SDL Image | cvebase