An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0844 | Exploit Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html | Mailing List Third Party Advisory |
Configurations
Information
Published : 2019-07-31 10:15
Updated : 2022-06-27 10:29
NVD link : CVE-2019-5060
Mitre link : CVE-2019-5060
JSON object : View
Products Affected
opensuse
- backports_sle
- leap
libsdl
- sdl2_image