PT-2017-15596 · Sdl+1 · Sdl Image+1
Published: 2017-10-11 · Updated: 2024-04-08
CVE-2017-2887
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SDL image version 2.0.1
Description
A buffer overflow vulnerability exists in the XCF property handling functionality. A specially crafted XCF file can cause a stack-based buffer overflow, potentially leading to code execution. An attacker can trigger this issue by providing a specially crafted XCF file.
Recommendations
For SDL image version 2.0.1, update to a version that fixes this issue to prevent potential code execution. As a temporary workaround, consider restricting the handling of XCF files until a patch is available.
Fix
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Sdl Image