CVE-2019-5059 — Integer Overflow or Wraparound in Sdl2 Image

CWE-190 — Integer Overflow or Wraparound CWE-787 — Out-of-bounds Write10 documents6 sources

Severity

8.8HIGHNVD

EPSS

1.0%

top 23.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT SDL Libsdl Sdl2 Image Opensuse Backports SLE +1 more

Timeline

PublishedJul 31

Latest updateMay 24

Description

An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDlibsdl/sdl2_image2.0.4

▶CVEListV5red_hat/sdlSDL_image 2.0.4

▶NVDopensuse/leap15.0, 15.1+1

▶NVDopensuse/backports_sle15.0

🔴Vulnerability Details

GHSA

GHSA-g82w-w3fp-3m77: An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2↗2022-05-24

▶

OSV

CVE-2019-5059: An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2↗2019-07-31

▶

CVEList

CVE-2019-5059: An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2↗2019-07-31

▶

📋Vendor Advisories

Debian

CVE-2019-5059: libsdl2-image - An exploitable code execution vulnerability exists in the XPM image rendering fu...↗2019

▶

💬Community

Bugzilla

CVE-2019-5059 SDL2_image: an exploitable code execution in the XPM image rendering leads to integer overflow [fedora-all]↗2019-08-09

▶

Bugzilla

CVE-2019-5059 SDL2_image: an exploitable code execution in the XPM image rendering leads to integer overflow [epel-7]↗2019-08-09

▶

Bugzilla

CVE-2019-5059 mingw-SDL2_image: SDL2_image: an exploitable code execution in the XPM image rendering leads to integer overflow [fedora-all]↗2019-08-09

▶

Bugzilla

CVE-2019-5059 SDL2_image: an exploitable code execution in the XPM image rendering leads to integer overflow↗2019-08-09

▶

Bugzilla

CVE-2019-5059 mingw-SDL2_image: SDL2_image: an exploitable code execution in the XPM image rendering leads to integer overflow [epel-all]↗2019-08-09

▶