232 matches found

Prion
added 2019/07/31 5:15 p.m. · 16 views

Design/Logic Flaw

An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability...

CVSS 6.8 · AI score 8.8 · EPSS 0.03616
Exploits 0 · References 5 · Affected Software 3
Prion
added 2019/07/31 5:15 p.m. · 19 views

Integer overflow

An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap...

CVSS 6.8 · AI score 9 · EPSS 0.04043
Exploits 1 · References 5 · Affected Software 3
Cvelist
added 2019/07/31 4:51 p.m. · 28 views

CVE-2019-5060

An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap...

CVSS 8.8 · AI score 8.9 · EPSS 0.04043
Exploits 1 · References 5
Debian CVE
added 2019/07/31 4:51 p.m. · 21 views

CVE-2019-5060

An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap...

CVSS 8.8 · AI score 9.1 · EPSS 0.04043
Exploits 1
CVE
added 2019/07/31 4:50 p.m. · 176 views

CVE-2019-5059

CVE-2019-5059 describes an exploitable code execution in SDL2_image 2.0.4 via XPM image rendering caused by an integer overflow that allocates too small a heap buffer and allows out-of-bounds writes. Connected advisories (Mageia/OpenSUSE OSV) document that SDL2_image 2.0.4 is the affected version...

CVSS 8.8 · AI score 8.7 · EPSS 0.03616
Exploits 0 · References 5 · Affected Software 1
CVE
added 2019/07/31 4:49 p.m. · 173 views

CVE-2019-5058

CVE-2019-5058 affects SDL2_image 2.0.4, where the XCF image rendering functionality can trigger a heap overflow via a crafted XCF image, potentially enabling code execution. Public documents in OSS advisories (MGASA-2019-0363/0364 and OSV entries) link this CVE to SDL2_image and describe the vuln...

CVSS 8.8 · AI score 8.6 · EPSS 0.03616
Exploits 0 · References 5 · Affected Software 1
Debian CVE
added 2019/07/31 4:49 p.m. · 21 views

CVE-2019-5058

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability...

CVSS 8.8 · AI score 8.8 · EPSS 0.03616
Exploits 0
Talos
added 2019/07/29 12:0 a.m. · 176 views

SDL_image XCF Image Code Execution Vulnerability

Summary: An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...

CVSS 8.8 · AI score 8.7 · EPSS 0.03616
Exploits 0
Veracode
added 2019/05/02 4:42 a.m. · 19 views

Arbitrary Code Execution

Mozilla Firefox is vulnerable to arbitrary code execution. Two flaws were found in the way Firefox rendered certain images using WebGL. A web page containing malicious content could cause Firefox to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the use...

CVSS 10 · AI score 9.7 · EPSS 0.05899
Exploits 0 · References 15 · Affected Software 3
Veracode
added 2019/05/02 4:42 a.m. · 28 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...

CVSS 10 · AI score 9.6 · EPSS 0.07762
Exploits 2 · References 17 · Affected Software 3
Veracode
added 2019/05/02 4:42 a.m. · 27 views

Memory Corruption

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...

CVSS 10 · AI score 9.6 · EPSS 0.07762
Exploits 2 · References 15 · Affected Software 3
Tenable Nessus
added 2019/03/27 12:0 a.m. · 41 views

openSUSE Security Update : SDL2_image (openSUSE-2019-933)

This update for SDL2_image fixes the following issues : Security issues fixed : - CVE-2018-3839: Fixed an exploitable code execution vulnerability that existed in the XCF image rendering functionality of the Simple DirectMedia Layer bsc1089087. - CVE-2018-3977: Fixed a possible code execution via...

CVSS 8.8 · AI score 7.5 · EPSS 0.03479
Exploits 2 · References 4
Exploit DB
added 2019/02/06 12:0 a.m. · 104 views

Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows

I was looking into the root cause of https://bugs.chromium.org/p/chromium/issues/detail?id=850350. In that bug, due to precision errors, Skia generated a concave RRect, but declared it convex. Later, the RRect was transformed with an affine transform and used as a clipping region for drawing...

AI score 7.4
Exploits 0
OSV
added 2018/11/24 5:19 p.m. · 6 views

OPENSUSE-SU-2018:3906-1 Security update for SDL2_image

This update for SDL2_image fixes the following issues: Security issues fixed: - CVE-2018-3839: Fixed an exploitable code execution vulnerability that existed in the XCF image rendering functionality of the Simple DirectMedia Layer bsc1089087. - CVE-2018-3977: Fixed a possible code execution via...

CVSS 8.8 · AI score 9 · EPSS 0.03479
Exploits 2 · References 5
OSV
added 2018/11/17 10:23 p.m. · 9 views

MGASA-2018-0454 Updated sdl2/mingw-SDL2 packages fix security vulnerabilities

This update fixes various security vulnerabilities affecting the SDL2_image library, listed below. The fixes are provided in SDL2_image 2.0.4, which depends on SDL2 2.0.8 or later. As such, the SDL2 and SDL2_mixer libraries are also updated to their current stable releases, providing various bug fix...

CVSS 8.8 · AI score 7.9 · EPSS 0.03479
Exploits 4 · References 16
NVD
added 2018/11/01 3:29 p.m. · 19 views

CVE-2018-3977

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability...

CVSS 8.8 · AI score 8.8 · EPSS 0.03479
Exploits 1 · References 5
UbuntuCve
added 2018/11/01 3:29 p.m. · 28 views

CVE-2018-3977

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability...

CVSS 8.8 · AI score 7.5 · EPSS 0.03479
Exploits 1 · References 4
OSV
added 2018/11/01 3:29 p.m. · 1 views

UBUNTU-CVE-2018-3977

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability...

CVSS 8.8 · AI score 7.6 · EPSS 0.03479
Exploits 1 · References 5
Debian CVE
added 2018/11/01 3:0 p.m. · 23 views

CVE-2018-3977

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability...

CVSS 8.8 · AI score 8.9 · EPSS 0.03479
Exploits 1
Positive Technologies
added 2018/11/01 12:0 a.m. · 1 views

PT-2018-16353 · Sdl +3 · Sdl2 Image +3

Name of the Vulnerable Software and Affected Versions: SDL2 image version 2.0.3 Description: A code execution issue exists in the XCF image rendering functionality. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted...

CVSS 8.8 · AI score 7.1 · EPSS 0.04515
Exploits 13 · References 95