Unrated severity · NVD Advisory · Published Jul 3, 2019 · Updated Aug 4, 2024
CVE-2019-5052
Description
An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
Affected products (11)
- SDL/SDL2_image (source: description)
- Range: <=2.0.4
- osv-coords (8 versions):
  - pkg:rpm/opensuse/SDL2_image&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/SDL2_image&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/opensuse/SDL_image&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/SDL_image&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/suse/SDL2_image&distro=SUSE%20Package%20Hub%2015
  - pkg:rpm/suse/SDL2_image&distro=SUSE%20Package%20Hub%2015%20SP1
  - pkg:rpm/suse/SDL_image&distro=SUSE%20Package%20Hub%2015
  - pkg:rpm/suse/SDL_image&distro=SUSE%20Package%20Hub%2015%20SP1
- (no CPE) range: < 2.0.5-lp151.2.5.1
- (no CPE) range: < 2.0.5-lp151.2.5.1
- (no CPE) range: < 1.2.12+hg695-lp151.3.3.1
- (no CPE) range: < 1.2.12+hg695-lp151.3.3.1
- (no CPE) range: < 2.0.5-bp151.4.3.1
- (no CPE) range: < 2.0.5-bp151.4.3.1
- (no CPE) range: < 1.2.12+hg695-bp151.4.3.1
- (no CPE) range: < 1.2.12+hg695-bp151.4.3.1
References (8)
- lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html (mitre, vendor-advisory, x_refsource_SUSE)
- usn.ubuntu.com/4238-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- lists.debian.org/debian-lts-announce/2019/07/msg00021.html (mitre, mailing-list, x_refsource_MLIST)
- lists.debian.org/debian-lts-announce/2019/07/msg00026.html (mitre, mailing-list, x_refsource_MLIST)
- talosintelligence.com/vulnerability_reports/TALOS-2019-0821 (mitre, x_refsource_MISC)