CVE-2018-3977Out-of-bounds Write in SDL Image

CWE-787Out-of-bounds Write11 documents7 sources
Severity
8.8HIGHNVD
EPSS
0.9%
top 23.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Simple Directmedia LayerLibsdl SDL Image
Timeline
PublishedNov 1
Latest updateMay 13

Description

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDlibsdl/sdl_image2.0.3
CVEListV5simple_directmedia_layer/simple_directmedia_layerSimple DirectMedia Layer SDL2_image 2.0.3

🔴Vulnerability Details

4
GHSA
GHSA-9532-gqc7-9wv7: An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-22022-05-13
OSV
giflib vulnerabilities2019-08-20
OSV
CVE-2018-3977: An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-22018-11-01
CVEList
CVE-2018-3977: An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-22018-11-01

📋Vendor Advisories

2
Ubuntu
SDL_image vulnerabilities2020-01-14
Debian
CVE-2018-3977: libsdl2-image - An exploitable code execution vulnerability exists in the XCF image rendering fu...2018

💬Community

4
Bugzilla
CVE-2018-3977 SDL2_image: code execution in the XCF image rendering functionality [epel-7]2018-11-05
Bugzilla
CVE-2018-3977 mingw-SDL2_image: SDL2_image: code execution in the XCF image rendering functionality [fedora-all]2018-11-05
Bugzilla
CVE-2018-3977 SDL2_image: code execution in the XCF image rendering functionality2018-11-05
Bugzilla
CVE-2018-3977 SDL2_image: code execution in the XCF image rendering functionality [fedora-all]2018-11-05
CVE-2018-3977 — Out-of-bounds Write in Libsdl SDL Image | cvebase