PT-2019-17444 · Sdl+2 · Sdl2 Image+2

Publicado

2019-06-11

Atualizado

2022-06-27

CVE-2019-5059

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SDL2 image version 2.0.4

Description A code execution issue exists in the XPM image rendering functionality. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this issue.

Recommendations For SDL2 image version 2.0.4, consider disabling the XPM image rendering functionality until a patch is available. Restrict the use of specially crafted XPM images to minimize the risk of exploitation.

Correção

Memory Corruption

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787CWE-190

Identificadores relacionados

ALT-PU-2021-1289

BDU:2026-06673

CVE-2019-5059

MGASA-2019-0363

MGASA-2019-0364

OPENSUSE-SU-2019:2070-1

OPENSUSE-SU-2019:2071-1

OPENSUSE-SU-2019:2108-1

OPENSUSE-SU-2019:2109-1

OPENSUSE-SU-2019_2070-1

OPENSUSE-SU-2019_2071-1

OPENSUSE-SU-2024:10608-1

OPENSUSE-SU-2024:10609-1

Produtos afetados

Alt Linux

Sdl2 Image

Suse

PT-2019-17444 · Sdl+2 · Sdl2 Image+2

CVE-2019-5059

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 61