An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
sdl2_image | eq | 2.0.4 | |
backports_sle | eq | 15.0 sp1 | |
backports_sle | eq | 15.0 | |
leap | eq | 15.0 | |
leap | eq | 15.1 |
lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html
talosintelligence.com/vulnerability_reports/TALOS-2019-0841