CVE-2018-3838 — Out-of-bounds Read in Systems INC Simple Directmedia
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 37.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 10
Latest updateMay 13
Description
An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages2 packages
Also affects: Debian Linux 8.0, 9.0
🔴Vulnerability Details
3GHSA▶
GHSA-mh87-4cjg-xvmr: An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2↗2022-05-13
CVEList▶
CVE-2018-3838: An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2↗2018-04-10
OSV▶
CVE-2018-3838: An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2↗2018-04-10
📋Vendor Advisories
2💬Community
5Bugzilla
▶
Bugzilla
▶
Bugzilla▶
CVE-2018-3838 SDL2_image: information disclosure in the XCF image rendering functionality↗2018-04-16
Bugzilla
▶