Lucene search

[email protected]CVE-2019-5059

HistoryJul 31, 2019 - 5:15 p.m.

CVE-2019-5059

2019-07-3117:15:11

CWE-190

CWE-787

[email protected]

web.nvd.nist.gov

139

cve-2019-5059

exploit

code execution

vulnerability

sdl2_image

xpm

image rendering

integer overflow

buffer overflow

heap overflow

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.9%

JSON

An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

Affected configurations

NVD

Node

libsdlsdl2_imageMatch2.0.4

Node

opensusebackports_sleMatch15.0-

opensusebackports_sleMatch15.0sp1

opensuseleapMatch15.0

opensuseleapMatch15.1

CPENameOperatorVersion
libsdl:sdl2_imagelibsdl sdl2 imageeq2.0.4

CPE	Name	Operator	Version
libsdl:sdl2_image	libsdl sdl2 image	eq	2.0.4

CNA Affected

[
  {
    "product": "SDL",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "SDL_image 2.0.4"
      }
    ]
  }
]