Lucene search
PRIOn knowledge basePRION:CVE-2019-5059HistoryJul 31, 2019 - 5:15 p.m.
Integer overflow
2019-07-3117:15:00
PRIOn knowledge base
www.prio-n.com
6
An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| sdl2_image | eq | 2.0.4 | |
| backports_sle | eq | 15.0 sp1 | |
| backports_sle | eq | 15.0 | |
| leap | eq | 15.0 | |
| leap | eq | 15.1 |
References
lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html
talosintelligence.com/vulnerability_reports/TALOS-2019-0843
Related
cvelist
cvelist
CVE-2019-5059
2019-07-31 16:50:45
ubuntucve
ubuntucve
CVE-2019-5059
2019-07-31 00:00:00
talos
talos
SDL_image XPM image color code code execution vulnerability
2019-07-29 00:00:00
cve
cve
CVE-2019-5059
2019-07-31 17:15:11
osv
osv
CVE-2019-5059
2019-07-31 17:15:11
nvd
nvd
CVE-2019-5059
2019-07-31 17:15:11
debiancve
debiancve
CVE-2019-5059
2019-07-31 17:15:11
nessus
nessus
FreeBSD : SDL2_image -- multiple vulnerabilities (3394bc2b-9da4-11e9-951e-14dae9d5a9d2)
2019-07-05 00:00:00
openSUSE Security Update : SDL_image (openSUSE-2019-2071)
2019-09-06 00:00:00
openSUSE Security Update : SDL2_image (openSUSE-2019-2070)
2019-09-06 00:00:00
freebsd
freebsd
SDL2_image -- multiple vulnerabilities
2019-07-02 00:00:00
suse
suse
Security update for SDL_image (moderate)
2019-09-05 00:00:00
Security update for SDL_image (moderate)
2019-09-10 00:00:00
Security update for SDL2_image (moderate)
2019-09-05 00:00:00
openvas
openvas
openSUSE: Security Advisory for SDL_image (openSUSE-SU-2019:2071-1)
2019-09-06 00:00:00
Mageia: Security Advisory (MGASA-2019-0364)
2022-01-28 00:00:00
Mageia: Security Advisory (MGASA-2019-0363)
2022-01-28 00:00:00
mageia
mageia
Updated SDL_image packages fix security vulnerabilities
2019-12-06 17:15:42
Updated sdl2_image packages fix security vulnerabilities
2019-12-06 17:15:42