Unrated severity · NVD Advisory · Published Nov 1, 2018 · Updated Sep 17, 2024
CVE-2018-3977
Description
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
Affected products (4)
- osv-coords (2 versions):
  - pkg:rpm/suse/SDL2_image&distro=SUSE%20Package%20Hub%2015
  - pkg:rpm/suse/SDL_image&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
- (no CPE) range: < 2.0.4-bp150.3.3.1
- (no CPE) range: < 1.2.6-84.46.1
- Simple DirectMedia Layer / Simple DirectMedia Layer (v5), range: Simple DirectMedia Layer SDL2_image 2.0.3
References (5)
- security.gentoo.org/glsa/201903-17 (mitre, vendor-advisory, x_refsource_GENTOO)
- usn.ubuntu.com/4238-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- lists.debian.org/debian-lts-announce/2019/07/msg00021.html (mitre, mailing-list, x_refsource_MLIST)
- lists.debian.org/debian-lts-announce/2019/07/msg00026.html (mitre, mailing-list, x_refsource_MLIST)
- talosintelligence.com/vulnerability_reports/TALOS-2018-0645 (mitre, x_refsource_MISC)