Sdl Image
by Sdl
Source repositories
CVEs (21)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14448 | Hig | 0.57 | 8.8 | 0.02 | Apr 24, 2018 | An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | ||
| CVE-2017-14442 | Hig | 0.57 | 8.8 | 0.02 | Apr 24, 2018 | An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | ||
| CVE-2017-14441 | Hig | 0.57 | 8.8 | 0.03 | Apr 24, 2018 | An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted… | ||
| CVE-2017-14440 | Hig | 0.57 | 8.8 | 0.02 | Apr 24, 2018 | An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this… | ||
| CVE-2017-12122 | Hig | 0.57 | 8.8 | 0.02 | Apr 24, 2018 | An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | ||
| CVE-2017-2887 | Hig | 0.57 | 8.8 | 0.03 | Oct 11, 2017 | An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to… | ||
| CVE-2017-14449 | Hig | 0.49 | 7.5 | 0.02 | Apr 24, 2018 | A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability. | ||
| CVE-2017-14450 | Hig | 0.46 | 7.1 | 0.02 | Apr 24, 2018 | A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability. | ||
| CVE-2018-3838 | Med | 0.42 | 6.5 | 0.02 | Apr 10, 2018 | An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a… | ||
| CVE-2026-35444 | Hig | 0.39 | 7.1 | 0.00 | Apr 6, 2026 | SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file… | ||
| CVE-2007-6697 | 0.04 | — | 0.11 | Feb 1, 2008 | Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details… | |||
| CVE-2008-0544 | 0.01 | — | 0.08 | Feb 1, 2008 | Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained… | |||
| CVE-2019-19721 | 0.00 | — | 0.02 | May 15, 2020 | An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. | |||
| CVE-2019-5060 | 0.00 | — | 0.04 | Jul 31, 2019 | An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds,… | |||
| CVE-2019-5058 | 0.00 | — | 0.04 | Jul 31, 2019 | An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||
| CVE-2019-5052 | 0.00 | — | 0.05 | Jul 3, 2019 | An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker… | |||
| CVE-2019-12221 | 0.00 | — | 0.02 | May 20, 2019 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. | |||
| CVE-2019-12219 | 0.00 | — | 0.02 | May 20, 2019 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c. | |||
| CVE-2019-12218 | 0.00 | — | 0.02 | May 20, 2019 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. | |||
| CVE-2019-12217 | 0.00 | — | 0.02 | May 20, 2019 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c. |
- risk 0.57cvss 8.8epss 0.02
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
- risk 0.57cvss 8.8epss 0.02
An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
- risk 0.57cvss 8.8epss 0.03
An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted…
- risk 0.57cvss 8.8epss 0.02
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this…
- risk 0.57cvss 8.8epss 0.02
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
- risk 0.57cvss 8.8epss 0.03
An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to…
- risk 0.49cvss 7.5epss 0.02
A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability.
- risk 0.46cvss 7.1epss 0.02
A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability.
- risk 0.42cvss 6.5epss 0.02
An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a…
- risk 0.39cvss 7.1epss 0.00
SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file…
- CVE-2007-6697Feb 1, 2008risk 0.04cvss —epss 0.11
Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details…
- CVE-2008-0544Feb 1, 2008risk 0.01cvss —epss 0.08
Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained…
- CVE-2019-19721May 15, 2020risk 0.00cvss —epss 0.02
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.
- CVE-2019-5060Jul 31, 2019risk 0.00cvss —epss 0.04
An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds,…
- CVE-2019-5058Jul 31, 2019risk 0.00cvss —epss 0.04
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
- CVE-2019-5052Jul 3, 2019risk 0.00cvss —epss 0.05
An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker…
- CVE-2019-12221May 20, 2019risk 0.00cvss —epss 0.02
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.
- CVE-2019-12219May 20, 2019risk 0.00cvss —epss 0.02
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c.
- CVE-2019-12218May 20, 2019risk 0.00cvss —epss 0.02
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.
- CVE-2019-12217May 20, 2019risk 0.00cvss —epss 0.02
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c.
Page 1 of 2