CVE-2019-5058 — Heap-based Buffer Overflow in Sdl2 Image
Severity
8.8HIGHNVD
EPSS
1.0%
top 23.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 31
Latest updateMay 24
Description
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages4 packages
🔴Vulnerability Details
3GHSA▶
GHSA-g3fv-2w8r-wh3m: An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2↗2022-05-24
CVEList▶
CVE-2019-5058: An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2↗2019-07-31
OSV▶
CVE-2019-5058: An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2↗2019-07-31
📋Vendor Advisories
1Debian▶
CVE-2019-5058: libsdl2-image - An exploitable code execution vulnerability exists in the XCF image rendering fu...↗2019
💬Community
5Bugzilla▶
CVE-2019-5058 SDL2_image: exploitable code execution vulnerability in image rendering leads to a heap overflow [fedora-all]↗2019-08-09
Bugzilla▶
CVE-2019-5058 SDL2_image: exploitable code execution vulnerability in image rendering leads to a heap overflow↗2019-08-09
Bugzilla▶
CVE-2019-5058 mingw-SDL2_image: SDL2_image: exploitable code execution vulnerability in image rendering leads to a heap overflow [fedora-all]↗2019-08-09
Bugzilla▶
CVE-2019-5058 mingw-SDL2_image: SDL2_image: exploitable code execution vulnerability in image rendering leads to a heap overflow [epel-all]↗2019-08-09
Bugzilla▶
CVE-2019-5058 SDL2_image: exploitable code execution vulnerability in image rendering leads to a heap overflow [epel-7]↗2019-08-09