CVE-2019-5060 — Integer Overflow or Wraparound in Sdl2 Image

CWE-190 — Integer Overflow or Wraparound CWE-787 — Out-of-bounds Write CWE-39911 documents7 sources

Severity

8.8HIGHNVD

EPSS

1.3%

top 19.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT SDL Libsdl Sdl2 Image Opensuse Backports SLE +1 more

Timeline

PublishedJul 31

Latest updateMay 24

Description

An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDlibsdl/sdl2_image2.0.4

▶CVEListV5red_hat/sdlSDL_image 2.0.4

▶NVDopensuse/leap15.0, 15.1+1

▶NVDopensuse/backports_sle15.0

🔴Vulnerability Details

GHSA

GHSA-qr2r-966r-5p23: An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2↗2022-05-24

▶

OSV

CVE-2019-5060: An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2↗2019-07-31

▶

CVEList

CVE-2019-5060: An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2↗2019-07-31

▶

📋Vendor Advisories

Cisco

Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability↗2019-09-25

▶

Debian

CVE-2019-5060: libsdl2-image - An exploitable code execution vulnerability exists in the XPM image rendering fu...↗2019

▶

💬Community

Bugzilla

CVE-2019-5060 mingw-SDL2_image: SDL2_image: exploitable code execution in the XPM image rendering leads to an integer overflow in the colorhash function [fedora-all]↗2019-08-09

▶

Bugzilla

CVE-2019-5060 SDL2_image: exploitable code execution in the XPM image rendering leads to an integer overflow in the colorhash function [fedora-all]↗2019-08-09

▶

Bugzilla

CVE-2019-5060 SDL2_image: exploitable code execution in the XPM image rendering leads to an integer overflow in the colorhash function [epel-7]↗2019-08-09

▶

Bugzilla

CVE-2019-5060 mingw-SDL2_image: SDL2_image: exploitable code execution in the XPM image rendering leads to an integer overflow in the colorhash function [epel-all]↗2019-08-09

▶

Bugzilla

CVE-2019-5060 SDL2_image: exploitable code execution in the XPM image rendering leads to an integer overflow in the colorhash function↗2019-08-09

▶