Published: 11/10/2017 Updated: 07/06/2022

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

It exists that SDL 2.0 mishandled crafted image files resulting in an integer overflow. If a user were tricked into opening a malicious file, SDL 2.0 could be caused to crash or potentially run arbitrary code. (CVE-2017-2888)

Vulnerable Product	Search on Vulmon	Subscribe to Product
libsdl simple directmedia layer 2.0.5
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 19.04
debian debian linux 9.0

Debian Bug report logs - #878264 libsdl2: CVE-2017-2888: Integer overflow while creating a new RGB surface Package: src:libsdl2; Maintainer for src:libsdl2 is Debian SDL packages maintainers <pkg-sdl-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 11 Oct 2017 21:0 ...

SDL 20 could be made to crash or run programs as your login if it opened a specially crafted file ...

An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 205 A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution An attacker can provide a specially crafted image file to trigger this vulnerabilit ...

CWE-190 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395 http://www.securityfocus.com/bid/101215 https://usn.ubuntu.com/4143-1/https://lists.debian.org/debian-lts-announce/2021/10/msg00031.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878264 https://usn.ubuntu.com/4143-1/https://nvd.nist.gov

CVE-2017-2888

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect