CVE-2019-5051 — Detection of Error Condition Without Action in Sdl2 Image
Severity
8.8HIGHNVD
EPSS
1.6%
top 18.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedJul 3
Latest updateMay 24
Description
An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages4 packages
Also affects: Debian Linux 8.0, Ubuntu Linux 16.04, 18.04
🔴Vulnerability Details
3GHSA▶
GHSA-wxjc-cpqc-xw6q: An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2↗2022-05-24
CVEList▶
CVE-2019-5051: An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2↗2019-07-03
OSV▶
CVE-2019-5051: An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2↗2019-07-03
📋Vendor Advisories
2💬Community
2Bugzilla▶
CVE-2019-5051 SDL2_image: missing error handler when loading a PCX file can lead to a heap-based buffer overflow and potential code execution↗2019-11-29
Bugzilla▶
CVE-2019-5051 mingw-SDL2_image: SDL2_image: missing error handler when loading a PCX file can lead to a heap-based buffer overflow and potential code execution [epel-7]↗2019-11-29