12 matches found
CVE-2019-5052
CVE-2019-5052 affects SDL2_image 2.0.4, where loading a PCX file can trigger an exploitable integer overflow, causing too little memory to be allocated and leading to a buffer overflow with potential code execution. The vulnerability is referenced in multiple advisories (e.g., Mageia MGASA-2019-0...
CVE-2019-5051
SDL2_image 2.0.4 is affected by CVE-2019-5051: an exploitable heap-based buffer overflow when loading a PCX file due to a missing error handler, potentially leading to code execution. Public records in OpenSUSE/Mageia advisories indicate the fix is released in SDL2_image 2.0.5; other connected en...
CVE-2019-12217
CVE-2019-12217 is a NULL pointer dereference in the SDL stdio_read function when SDL2_image 2.0.4 is used with SDL 2.0.9 (libSDL2.a). Multiple connected advisories confirm this issue across distributions (openSUSE openSUSE-2019-2070, Fedora SDL2_image updates, Ubuntu USN-4238-1, Mageia advisories...
CVE-2019-5057
SDL2_image 2.0.4 contains a PCX image parsing vulnerability (CVE-2019-5057) that can cause a heap overflow and code execution. Multiple advisories (openSUSE/Mageia) document this as a user-exploitable flaw when loading PCX files. mitigations include upgrading to SDL2_image 2.0.5 or applying vendo...
CVE-2019-12221
The CVE-2019-12221 entry corresponds to a NULL/SEGV issue in SDL_free_REAL inside SDL with SDL2_image 2.0.4 (SDL 2.0.9) when used together, as described in the initial document. Connected documents confirm this vulnerability is addressed by SDL2_image updates to 2.0.5 (and corresponding SDL relea...
CVE-2019-12218
CVE-2019-12218 concerns a NULL pointer dereference in the SDL2_image component (IMG_LoadPCX_RW in IMG_pcx.c) when SDL2_image 2.0.4 is used with SDL 2.0.9 libSDL2.a. Documented in multiple advisories and openSUSE/Fedora/Mageia entries; impact is a crash/denial of service potential rather than expl...
CVE-2019-5059
CVE-2019-5059 describes an exploitable code execution in SDL2_image 2.0.4 via XPM image rendering caused by an integer overflow that allocates too small a heap buffer and allows out-of-bounds writes. Connected advisories (Mageia/OpenSUSE OSV) document that SDL2_image 2.0.4 is the affected version...
CVE-2019-5058
CVE-2019-5058 affects SDL2_image 2.0.4, where the XCF image rendering functionality can trigger a heap overflow via a crafted XCF image, potentially enabling code execution. Public documents in OSS advisories (MGASA-2019-0363/0364 and OSV entries) link this CVE to SDL2_image and describe the vuln...
CVE-2019-5060
SDL2_image 2.0.4 contains multiple vulnerabilities, including CVE-2019-5060, where an XPM image can trigger an integer overflow in colorhash, causing a heap overflow and potential code execution. The issue is part of a set of fixes for SDL2_image and related image loaders (PCX, XCF, XPM) addresse...
CVE-2019-12220
CVE-2019-12220 affects libSDL2.a in SDL 2.0.9 when used with SDL2_image 2.0.4. There is an out-of-bounds read in SDL_FreePalette_REAL (video/SDL_pixels.c). Documented impact is an out-of-bounds read; CVSS data from NVD shows a MEDIUM base severity (6.5 CVSS3) with HIGH availability impact, but ex...
CVE-2019-12219
CVE-2019-12219 concerns an invalid free error in SDL_SetError_REAL in the SDL_error.c path when libSDL2.a SDL 2.0.9 is used with SDL2_image 2.0.4. Multiple vendor advisories (e.g., Fedora/Mageia/Debian) reference SDL2_image updates (e.g., to 2.0.5 and beyond) as remediation, indicating the issue ...
CVE-2019-12216
CVE-2019-12216 affects the SDL ecosystem when using libSDL2.a (SDL 2.0.9) with libSDL2_image.a (SDL2_image 2.0.4). The issue is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW (at IMG_pcx.c). The connected documents list this CVE among SDL_image-related advisories, but do n...