CVE-2018-3837 — Out-of-bounds Read in Systems INC Simple Direct Media
Severity
5.5MEDIUMNVD
EPSS
0.4%
top 42.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 10
Latest updateMay 13
Description
An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
Also affects: Debian Linux 8.0, 9.0
🔴Vulnerability Details
4GHSA▶
GHSA-gwvh-mf23-368g: An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2↗2022-05-13
OSV▶
CVE-2018-3837: An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2↗2018-04-10
CVEList▶
CVE-2018-3837: An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2↗2018-04-10
📋Vendor Advisories
1Debian▶
CVE-2018-3837: libsdl2-image - An exploitable information disclosure vulnerability exists in the PCX image rend...↗2018
💬Community
4Bugzilla
▶
Bugzilla▶
CVE-2018-3837 SDL2_image: information disclosure in the PCX image rendering functionality↗2018-04-16
Bugzilla
▶