6.8
CVSSv2

CVE-2018-3839

Published: 10/04/2018 Updated: 25/10/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

libsdl sdl image 2.0.2

debian debian linux 8.0

debian debian linux 9.0

starwindsoftware starwind virtual san v8

Vendor Advisories

Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened For the oldstable distribution (jessie), these problems have been fixed in version 200+dfsg-3+deb8u1 For the stable distribution ...