13 matches found
CVE-2018-3839
CVE-2018-3839 is an exploitable code execution in SDL2_image-2.0.2’s XCF image rendering. A specially crafted XCF image can cause an out-of-bounds write on the heap, enabling remote code execution when the image is processed. Multiple connected advisories confirm the issue and indicate fixes in S...
CVE-2017-12122
The CVE-2017-12122 entry concerns SDL2_image-2.0.2: an exploitable heap overflow in the ILBM image rendering path that can lead to code execution when a specially crafted ILBM image is displayed. Public documents confirm impact on SDL2_image and related packages (e.g., Debian, Gentoo GLSA), with ...
CVE-2018-3977
CVE-2018-3977 is an exploitable heap overflow in the SDL2_image library’s XCF image handling (IMG_xcf.c) that can lead to remote code execution when processing a crafted XCF image. The vulnerability affects SDL2_image versions around 2.0.3 and was addressed in multiple vendor advisories, with Deb...
CVE-2017-14441
SDL2_image-2.0.2 contains an exploitable vulnerability in the ICO image rendering path: a crafted ICO can trigger an integer overflow that cascades to a heap overflow and code execution (CVE-2017-14441). Public advisories reference SDL2_image 2.0.4 as the fixed version and encourage upgrading (e....
CVE-2017-14448
CVE-2017-14448 affects SDL2_image-2.0.2: the XCF image rendering path can overflow the heap, enabling code execution when a specially crafted XCF image is displayed. Public advisories indicate upgrading to SDL2_image-2.0.4 (or newer) to fix this issue; other sources note related advisories upgrad...
CVE-2017-14450
CVE-2017-14450 affects SDL2_image-2.0.2, where the GIF image parsing functionality has a buffer overflow risk in the global section when processing a specially crafted GIF image displayed by a user. Public sources in connected docs confirm this vulnerability and its association with SDL2_image’s ...
CVE-2017-14440
SDL2_image-2.0.2 contains an exploitable vulnerability in ILBM image rendering that can trigger a stack overflow and lead to code execution when processing a crafted ILBM image. This vulnerability is corroborated across multiple sources (e.g., Debian DSA-4184-1, GLSA-201903-17, Mageia MGASA-2018-...
CVE-2017-2887
CVE-2017-2887 affects SDL_image 2.0.1, with a stack-based buffer overflow in the XCF property handling. A specially crafted XCF file can overflow a stack buffer, potentially enabling code execution. The vulnerability is exploitable via crafted XCF input and does not specify a required user intera...
CVE-2018-3838
The CVE-2018-3838 entry concerns SDL2_image-2.0.2: an exploitable vulnerability in the XCF image rendering path can trigger an out-of-bounds read on the heap, leading to information disclosure. Public reports (e.g., TALOS advisories and related Debian/Gentoo/Mageia notices) confirm this family of...
CVE-2017-14442
CVE-2017-14442 affects SDL2_image-2.0.2 BMP image rendering, causing a stack overflow that can lead to remote code execution when a specially crafted BMP image is processed. Public sources describe the vulnerability across multiple advisories (Debian DSA-4184-1, Mageia MGASA-2018-0454) and indica...
CVE-2017-14449
SDL2_image-2.0.2 contains a double-free vulnerability in the XCF image rendering path. A specially crafted XCF image can trigger a double-free, potentially enabling arbitrary behavior on vulnerable systems. Affected: SDL2_image libraries (notably 2.0.2). Public advisories (e.g., Mageia GLSA-2018-...
CVE-2018-3837
CVE-2018-3837 describes an information-disclosure flaw in the PCX image handling of SDL2_image-2.0.2. A specially crafted PCX image can trigger an out-of-bounds read on the heap, allowing partial disclosure when the image is processed. The vulnerability affects SDL2_image’s PCX rendering path and...
CVE-2026-35444
The CVE-2026-35444 issue affects SDL_image’s XCF loader (src/IMG_xcf.c). In do_layer_surface(), pixel indices from decoded XCF tile data are used directly as colormap indices without validating against cm_num, enabling heap out-of-bounds reads (up to 762 bytes past the colormap allocation) for bo...