CVE-2018-3839
Severity
8.8HIGH
EPSS
1.2%
top 21.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedApr 10
Latest updateMay 13
Description
An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages5 packages
Also affects: Debian Linux 8.0, 9.0
🔴Vulnerability Details
3GHSA▶
GHSA-g336-h8cj-mccg: An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2↗2022-05-13
CVEList▶
CVE-2018-3839: An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2↗2018-04-10
OSV▶
CVE-2018-3839: An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2↗2018-04-10
📋Vendor Advisories
1Debian▶
CVE-2018-3839: libsdl2-image - An exploitable code execution vulnerability exists in the XCF image rendering fu...↗2018
💬Community
5Bugzilla
▶
Bugzilla
▶
Bugzilla
▶