CVE-2019-5052 — Integer Overflow or Wraparound in Sdl2 Image
Severity
8.8HIGHNVD
EPSS
1.4%
top 19.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedJul 3
Latest updateMay 24
Description
An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages4 packages
Also affects: Debian Linux 8.0, Ubuntu Linux 16.04, 18.04
🔴Vulnerability Details
3GHSA▶
GHSA-xv8q-8fhp-7r88: An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2↗2022-05-24
OSV▶
CVE-2019-5052: An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2↗2019-07-03
CVEList▶
CVE-2019-5052: An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2↗2019-07-03
📋Vendor Advisories
2💬Community
2Bugzilla▶
CVE-2019-5052 SDL2_image: specially crafted file can cause an integer overflow which can lead to a heap-based buffer overflow and potential code execution↗2019-11-29
Bugzilla▶
CVE-2019-5052 mingw-SDL2_image: SDL2_image: specially crafted file can cause an integer overflow which can lead to a heap-based buffer overflow and potential code execution [epel-7]↗2019-11-29