CVE-2017-2888 — Integer Overflow or Wraparound in Simple Direct Media
Severity
8.8HIGHNVD
EPSS
1.6%
top 18.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 11
Latest updateMay 13
Description
An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages2 packages
Also affects: Debian Linux 9.0, Ubuntu Linux 16.04, 18.04, 19.04
🔴Vulnerability Details
4GHSA▶
GHSA-3x42-vgc3-7f6c: An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2↗2022-05-13
CVEList▶
CVE-2017-2888: An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2↗2017-10-11
OSV▶
CVE-2017-2888: An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2↗2017-10-11
📋Vendor Advisories
3💬Community
5Bugzilla
▶
Bugzilla
▶
Bugzilla▶
CVE-2017-2888 mingw-SDL: SDL: Integer overflow while creating a new RGB surface [fedora-all]↗2017-10-11
Bugzilla
▶