CVE-2019-5060

An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:libsdl:sdl2_image:2.0.4:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*

Information

Published : 2019-07-31 10:15

Updated : 2022-06-27 10:29


NVD link : CVE-2019-5060

Mitre link : CVE-2019-5060


JSON object : View

CWE
CWE-787

Out-of-bounds Write

CWE-190

Integer Overflow or Wraparound

Advertisement

dedicated server usa

Products Affected

opensuse

  • backports_sle
  • leap

libsdl

  • sdl2_image