Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    26 vulnerabilities found for sdl_image by libsdl

    CVE-2026-35444 (GCVE-0-2026-35444)

    Vulnerability from nvd – Published: 2026-04-06 21:44 – Updated: 2026-04-08 14:06
    VLAI
    Title
    SDL_image has a heap buffer overflow READ via unchecked colormap index in XCF loader
    Summary
    SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file with a small colormap and out-of-range pixel indices causes heap out-of-bounds reads of up to 762 bytes past the colormap allocation. Both IMAGE_INDEXED code paths are affected (bpp=1 and bpp=2). The leaked heap bytes are written into the output surface pixel data, making them potentially observable in the rendered image. This vulnerability is fixed with commit 996bf12888925932daace576e09c3053410896f8.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    libsdl-org SDL_image Affected: < 996bf12888925932daace576e09c3053410896f8
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35444",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-08T14:06:16.276801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T14:06:28.528Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SDL_image",
              "vendor": "libsdl-org",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 996bf12888925932daace576e09c3053410896f8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file with a small colormap and out-of-range pixel indices causes heap out-of-bounds reads of up to 762 bytes past the colormap allocation. Both IMAGE_INDEXED code paths are affected (bpp=1 and bpp=2). The leaked heap bytes are written into the output surface pixel data, making them potentially observable in the rendered image. This vulnerability is fixed with commit 996bf12888925932daace576e09c3053410896f8."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-06T21:44:05.986Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/libsdl-org/SDL_image/security/advisories/GHSA-gq8w-x74c-h6p7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/libsdl-org/SDL_image/security/advisories/GHSA-gq8w-x74c-h6p7"
            }
          ],
          "source": {
            "advisory": "GHSA-gq8w-x74c-h6p7",
            "discovery": "UNKNOWN"
          },
          "title": "SDL_image has a heap buffer overflow READ via unchecked colormap index in XCF loader"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-35444",
        "datePublished": "2026-04-06T21:44:05.986Z",
        "dateReserved": "2026-04-02T19:25:52.192Z",
        "dateUpdated": "2026-04-08T14:06:28.528Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-3977 (GCVE-0-2018-3977)

    Vulnerability from nvd – Published: 2018-11-01 15:00 – Updated: 2024-09-17 02:33
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • Heap-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://security.gentoo.org/glsa/201903-17 vendor-advisoryx_refsource_GENTOO
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4238-1/ vendor-advisoryx_refsource_UBUNTU
    https://talosintelligence.com/vulnerability_repor… x_refsource_MISC
    Impacted products
    Vendor Product Version
    Simple DirectMedia Layer Simple DirectMedia Layer Affected: Simple DirectMedia Layer SDL2_image 2.0.3
    Create a notification for this product.
    Date Public
    2018-10-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:57:24.493Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1861-1] libsdl2-image security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html"
              },
              {
                "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
              },
              {
                "name": "USN-4238-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4238-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia Layer",
              "vendor": "Simple DirectMedia Layer",
              "versions": [
                {
                  "status": "affected",
                  "version": "Simple DirectMedia Layer SDL2_image 2.0.3"
                }
              ]
            }
          ],
          "datePublic": "2018-10-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:07:22.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1861-1] libsdl2-image security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html"
            },
            {
              "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
            },
            {
              "name": "USN-4238-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4238-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-10-31T00:00:00",
              "ID": "CVE-2018-3977",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple DirectMedia Layer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Simple DirectMedia Layer SDL2_image 2.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Simple DirectMedia Layer"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201903-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201903-17"
                },
                {
                  "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1861-1] libsdl2-image security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html"
                },
                {
                  "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
                },
                {
                  "name": "USN-4238-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4238-1/"
                },
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2018-3977",
        "datePublished": "2018-11-01T15:00:00.000Z",
        "dateReserved": "2018-01-02T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:33:07.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14450 (GCVE-0-2017-14450)

    Vulnerability from nvd – Published: 2018-04-24 19:00 – Updated: 2024-09-17 00:05
    VLAI
    Summary
    A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability.
    CWE
    • buffer overflow
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4177 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2018/dsa-4184 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201903-17 vendor-advisoryx_refsource_GENTOO
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    Impacted products
    Date Public
    2018-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.638Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia Layer",
              "vendor": "Sam Lantinga and Mattias Engdeg\u00e5rd",
              "versions": [
                {
                  "status": "affected",
                  "version": "SDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:20:59.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-03-01T00:00:00",
              "ID": "CVE-2017-14450",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple DirectMedia Layer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "SDL2_image 2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sam Lantinga and Mattias Engdeg\u00e5rd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.1,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4177",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4177"
                },
                {
                  "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
                },
                {
                  "name": "DSA-4184",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4184"
                },
                {
                  "name": "GLSA-201903-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201903-17"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-14450",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-09-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:05:53.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14448 (GCVE-0-2017-14448)

    Vulnerability from nvd – Published: 2018-04-24 19:00 – Updated: 2024-09-17 04:13
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • remote code execution
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4177 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2018/dsa-4184 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201903-17 vendor-advisoryx_refsource_GENTOO
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    Impacted products
    Date Public
    2018-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.533Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia Layer",
              "vendor": "Sam Lantinga and Mattias Engdeg\u00e5rd",
              "versions": [
                {
                  "status": "affected",
                  "version": "SDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:20:56.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-03-01T00:00:00",
              "ID": "CVE-2017-14448",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple DirectMedia Layer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "SDL2_image 2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sam Lantinga and Mattias Engdeg\u00e5rd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4177",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4177"
                },
                {
                  "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
                },
                {
                  "name": "DSA-4184",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4184"
                },
                {
                  "name": "GLSA-201903-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201903-17"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-14448",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-09-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:13:49.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14449 (GCVE-0-2017-14449)

    Vulnerability from nvd – Published: 2018-04-24 19:00 – Updated: 2024-09-16 19:56
    VLAI
    Summary
    A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • double-free
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4177 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201903-17 vendor-advisoryx_refsource_GENTOO
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    Impacted products
    Date Public
    2018-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.698Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia Layer",
              "vendor": "Sam Lantinga and Mattias Engdeg\u00e5rd",
              "versions": [
                {
                  "status": "affected",
                  "version": "SDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "double-free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:20:57.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-03-01T00:00:00",
              "ID": "CVE-2017-14449",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple DirectMedia Layer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "SDL2_image 2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sam Lantinga and Mattias Engdeg\u00e5rd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.5,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "double-free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4177",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4177"
                },
                {
                  "name": "GLSA-201903-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201903-17"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-14449",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-09-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:56:21.232Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12122 (GCVE-0-2017-12122)

    Vulnerability from nvd – Published: 2018-04-24 19:00 – Updated: 2024-09-16 22:40
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • remote code execution
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4177 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2018/dsa-4184 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201903-17 vendor-advisoryx_refsource_GENTOO
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    Impacted products
    Date Public
    2018-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:16.172Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia Layer",
              "vendor": "Sam Lantinga and Mattias Engdeg\u00e5rd",
              "versions": [
                {
                  "status": "affected",
                  "version": "SDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:20:24.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-03-01T00:00:00",
              "ID": "CVE-2017-12122",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple DirectMedia Layer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "SDL2_image 2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sam Lantinga and Mattias Engdeg\u00e5rd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4177",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4177"
                },
                {
                  "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
                },
                {
                  "name": "DSA-4184",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4184"
                },
                {
                  "name": "GLSA-201903-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201903-17"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-12122",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:40:57.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14442 (GCVE-0-2017-14442)

    Vulnerability from nvd – Published: 2018-04-24 19:00 – Updated: 2024-09-16 16:49
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • remote code execution
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4177 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2018/dsa-4184 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201903-17 vendor-advisoryx_refsource_GENTOO
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    Impacted products
    Date Public
    2018-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.547Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia Layer",
              "vendor": "Sam Lantinga and Mattias Engdeg\u00e5rd",
              "versions": [
                {
                  "status": "affected",
                  "version": "SDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:20:48.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-03-01T00:00:00",
              "ID": "CVE-2017-14442",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple DirectMedia Layer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "SDL2_image 2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sam Lantinga and Mattias Engdeg\u00e5rd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4177",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4177"
                },
                {
                  "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
                },
                {
                  "name": "DSA-4184",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4184"
                },
                {
                  "name": "GLSA-201903-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201903-17"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-14442",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-09-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:49:04.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14440 (GCVE-0-2017-14440)

    Vulnerability from nvd – Published: 2018-04-24 19:00 – Updated: 2024-09-17 02:31
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • remote code execution
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4177 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2018/dsa-4184 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201903-17 vendor-advisoryx_refsource_GENTOO
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    Impacted products
    Date Public
    2018-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.516Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia Layer",
              "vendor": "Sam Lantinga and Mattias Engdeg\u00e5rd",
              "versions": [
                {
                  "status": "affected",
                  "version": "SDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:20:45.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-03-01T00:00:00",
              "ID": "CVE-2017-14440",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple DirectMedia Layer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "SDL2_image 2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sam Lantinga and Mattias Engdeg\u00e5rd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4177",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4177"
                },
                {
                  "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
                },
                {
                  "name": "DSA-4184",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4184"
                },
                {
                  "name": "GLSA-201903-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201903-17"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-14440",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-09-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:31:14.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14441 (GCVE-0-2017-14441)

    Vulnerability from nvd – Published: 2018-04-24 19:00 – Updated: 2024-09-17 04:05
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • remote code execution
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4177 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2018/dsa-4184 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201903-17 vendor-advisoryx_refsource_GENTOO
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    Impacted products
    Date Public
    2018-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia Layer",
              "vendor": "Sam Lantinga and Mattias Engdeg\u00e5rd",
              "versions": [
                {
                  "status": "affected",
                  "version": "SDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:20:46.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-03-01T00:00:00",
              "ID": "CVE-2017-14441",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple DirectMedia Layer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "SDL2_image 2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sam Lantinga and Mattias Engdeg\u00e5rd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4177",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4177"
                },
                {
                  "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
                },
                {
                  "name": "DSA-4184",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4184"
                },
                {
                  "name": "GLSA-201903-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201903-17"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-14441",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-09-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:05:12.485Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3837 (GCVE-0-2018-3837)

    Vulnerability from nvd – Published: 2018-04-10 21:00 – Updated: 2024-09-16 17:58
    VLAI
    Summary
    An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • Heap Based-Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Systems, Inc. Simple Direct Media Affected: Simple DirectMedia LayerSDL2_image 2.0.2
    Create a notification for this product.
    Date Public
    2018-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:57:23.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0519"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.starwindsoftware.com/security/sw-20191008-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple Direct Media",
              "vendor": "Cisco Systems, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Simple DirectMedia LayerSDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Heap Based-Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-11T00:00:00.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0519"
            },
            {
              "url": "https://www.starwindsoftware.com/security/sw-20191008-0001/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2018-3837",
        "datePublished": "2018-04-10T21:00:00.000Z",
        "dateReserved": "2018-01-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:58:09.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3838 (GCVE-0-2018-3838)

    Vulnerability from nvd – Published: 2018-04-10 21:00 – Updated: 2024-09-16 18:44
    VLAI
    Summary
    An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • Heap Based-Overflow
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4177 vendor-advisoryx_refsource_DEBIAN
    https://www.debian.org/security/2018/dsa-4184 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201903-17 vendor-advisoryx_refsource_GENTOO
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    Impacted products
    Vendor Product Version
    Cisco Systems, Inc. Simple DirectMedia Affected: Simple DirectMedia Layer SDL2_image 2.0.2
    Create a notification for this product.
    Date Public
    2018-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:57:23.951Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0520"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia",
              "vendor": "Cisco Systems, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Simple DirectMedia Layer SDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Heap Based-Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:04:18.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0520"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-04-10T00:00:00",
              "ID": "CVE-2018-3838",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple DirectMedia",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Simple DirectMedia Layer SDL2_image 2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco Systems, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap Based-Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4177",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4177"
                },
                {
                  "name": "DSA-4184",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4184"
                },
                {
                  "name": "GLSA-201903-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201903-17"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0520",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0520"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2018-3838",
        "datePublished": "2018-04-10T21:00:00.000Z",
        "dateReserved": "2018-01-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:44:14.602Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3839 (GCVE-0-2018-3839)

    Vulnerability from nvd – Published: 2018-04-10 21:00 – Updated: 2024-09-16 22:57
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • Heap Based Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Systems, Inc. Simple DirectMedia Affected: Simple DirectMedia Layer SDL2_image 2.0.2
    Create a notification for this product.
    Date Public
    2018-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:57:23.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0521"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.starwindsoftware.com/security/sw-20191008-0002/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia",
              "vendor": "Cisco Systems, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Simple DirectMedia Layer SDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Heap Based Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-11T00:00:00.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0521"
            },
            {
              "url": "https://www.starwindsoftware.com/security/sw-20191008-0002/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2018-3839",
        "datePublished": "2018-04-10T21:00:00.000Z",
        "dateReserved": "2018-01-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:57:08.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2887 (GCVE-0-2017-2887)

    Vulnerability from nvd – Published: 2017-10-11 18:00 – Updated: 2024-09-17 02:57
    VLAI
    Summary
    An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.
    CWE
    • Remote code execution
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4177 vendor-advisoryx_refsource_DEBIAN
    http://www.securityfocus.com/bid/101215 vdb-entryx_refsource_BID
    https://www.debian.org/security/2018/dsa-4184 vendor-advisoryx_refsource_DEBIAN
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    Impacted products
    Vendor Product Version
    Talos Simple Direct Media Affected: Simple DirectMedia Layer SDL_image 2.0.1
    Create a notification for this product.
    Date Public
    2017-10-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:17.429Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "101215",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101215"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple Direct Media",
              "vendor": "Talos",
              "versions": [
                {
                  "status": "affected",
                  "version": "Simple DirectMedia Layer SDL_image 2.0.1"
                }
              ]
            }
          ],
          "datePublic": "2017-10-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:24:13.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "101215",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101215"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2017-10-10T00:00:00",
              "ID": "CVE-2017-2887",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple Direct Media",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Simple DirectMedia Layer SDL_image 2.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Talos"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4177",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4177"
                },
                {
                  "name": "101215",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101215"
                },
                {
                  "name": "DSA-4184",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4184"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2887",
        "datePublished": "2017-10-11T18:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:57:14.504Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-35444 (GCVE-0-2026-35444)

    Vulnerability from cvelistv5 – Published: 2026-04-06 21:44 – Updated: 2026-04-08 14:06
    VLAI
    Title
    SDL_image has a heap buffer overflow READ via unchecked colormap index in XCF loader
    Summary
    SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file with a small colormap and out-of-range pixel indices causes heap out-of-bounds reads of up to 762 bytes past the colormap allocation. Both IMAGE_INDEXED code paths are affected (bpp=1 and bpp=2). The leaked heap bytes are written into the output surface pixel data, making them potentially observable in the rendered image. This vulnerability is fixed with commit 996bf12888925932daace576e09c3053410896f8.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    libsdl-org SDL_image Affected: < 996bf12888925932daace576e09c3053410896f8
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35444",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-08T14:06:16.276801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T14:06:28.528Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SDL_image",
              "vendor": "libsdl-org",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 996bf12888925932daace576e09c3053410896f8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file with a small colormap and out-of-range pixel indices causes heap out-of-bounds reads of up to 762 bytes past the colormap allocation. Both IMAGE_INDEXED code paths are affected (bpp=1 and bpp=2). The leaked heap bytes are written into the output surface pixel data, making them potentially observable in the rendered image. This vulnerability is fixed with commit 996bf12888925932daace576e09c3053410896f8."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-06T21:44:05.986Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/libsdl-org/SDL_image/security/advisories/GHSA-gq8w-x74c-h6p7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/libsdl-org/SDL_image/security/advisories/GHSA-gq8w-x74c-h6p7"
            }
          ],
          "source": {
            "advisory": "GHSA-gq8w-x74c-h6p7",
            "discovery": "UNKNOWN"
          },
          "title": "SDL_image has a heap buffer overflow READ via unchecked colormap index in XCF loader"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-35444",
        "datePublished": "2026-04-06T21:44:05.986Z",
        "dateReserved": "2026-04-02T19:25:52.192Z",
        "dateUpdated": "2026-04-08T14:06:28.528Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-3977 (GCVE-0-2018-3977)

    Vulnerability from cvelistv5 – Published: 2018-11-01 15:00 – Updated: 2024-09-17 02:33
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • Heap-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://security.gentoo.org/glsa/201903-17 vendor-advisoryx_refsource_GENTOO
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4238-1/ vendor-advisoryx_refsource_UBUNTU
    https://talosintelligence.com/vulnerability_repor… x_refsource_MISC
    Impacted products
    Vendor Product Version
    Simple DirectMedia Layer Simple DirectMedia Layer Affected: Simple DirectMedia Layer SDL2_image 2.0.3
    Create a notification for this product.
    Date Public
    2018-10-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:57:24.493Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1861-1] libsdl2-image security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html"
              },
              {
                "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
              },
              {
                "name": "USN-4238-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4238-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia Layer",
              "vendor": "Simple DirectMedia Layer",
              "versions": [
                {
                  "status": "affected",
                  "version": "Simple DirectMedia Layer SDL2_image 2.0.3"
                }
              ]
            }
          ],
          "datePublic": "2018-10-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:07:22.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1861-1] libsdl2-image security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html"
            },
            {
              "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
            },
            {
              "name": "USN-4238-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4238-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-10-31T00:00:00",
              "ID": "CVE-2018-3977",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple DirectMedia Layer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Simple DirectMedia Layer SDL2_image 2.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Simple DirectMedia Layer"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201903-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201903-17"
                },
                {
                  "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1861-1] libsdl2-image security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html"
                },
                {
                  "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
                },
                {
                  "name": "USN-4238-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4238-1/"
                },
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2018-3977",
        "datePublished": "2018-11-01T15:00:00.000Z",
        "dateReserved": "2018-01-02T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:33:07.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14450 (GCVE-0-2017-14450)

    Vulnerability from cvelistv5 – Published: 2018-04-24 19:00 – Updated: 2024-09-17 00:05
    VLAI
    Summary
    A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability.
    CWE
    • buffer overflow
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4177 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2018/dsa-4184 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201903-17 vendor-advisoryx_refsource_GENTOO
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    Impacted products
    Date Public
    2018-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.638Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia Layer",
              "vendor": "Sam Lantinga and Mattias Engdeg\u00e5rd",
              "versions": [
                {
                  "status": "affected",
                  "version": "SDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:20:59.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-03-01T00:00:00",
              "ID": "CVE-2017-14450",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple DirectMedia Layer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "SDL2_image 2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sam Lantinga and Mattias Engdeg\u00e5rd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.1,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4177",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4177"
                },
                {
                  "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
                },
                {
                  "name": "DSA-4184",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4184"
                },
                {
                  "name": "GLSA-201903-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201903-17"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-14450",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-09-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:05:53.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14448 (GCVE-0-2017-14448)

    Vulnerability from cvelistv5 – Published: 2018-04-24 19:00 – Updated: 2024-09-17 04:13
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • remote code execution
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4177 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2018/dsa-4184 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201903-17 vendor-advisoryx_refsource_GENTOO
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    Impacted products
    Date Public
    2018-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.533Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia Layer",
              "vendor": "Sam Lantinga and Mattias Engdeg\u00e5rd",
              "versions": [
                {
                  "status": "affected",
                  "version": "SDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:20:56.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-03-01T00:00:00",
              "ID": "CVE-2017-14448",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple DirectMedia Layer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "SDL2_image 2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sam Lantinga and Mattias Engdeg\u00e5rd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4177",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4177"
                },
                {
                  "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
                },
                {
                  "name": "DSA-4184",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4184"
                },
                {
                  "name": "GLSA-201903-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201903-17"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-14448",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-09-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:13:49.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14449 (GCVE-0-2017-14449)

    Vulnerability from cvelistv5 – Published: 2018-04-24 19:00 – Updated: 2024-09-16 19:56
    VLAI
    Summary
    A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • double-free
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4177 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201903-17 vendor-advisoryx_refsource_GENTOO
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    Impacted products
    Date Public
    2018-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.698Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia Layer",
              "vendor": "Sam Lantinga and Mattias Engdeg\u00e5rd",
              "versions": [
                {
                  "status": "affected",
                  "version": "SDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "double-free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:20:57.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-03-01T00:00:00",
              "ID": "CVE-2017-14449",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple DirectMedia Layer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "SDL2_image 2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sam Lantinga and Mattias Engdeg\u00e5rd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.5,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "double-free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4177",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4177"
                },
                {
                  "name": "GLSA-201903-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201903-17"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-14449",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-09-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:56:21.232Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12122 (GCVE-0-2017-12122)

    Vulnerability from cvelistv5 – Published: 2018-04-24 19:00 – Updated: 2024-09-16 22:40
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • remote code execution
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4177 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2018/dsa-4184 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201903-17 vendor-advisoryx_refsource_GENTOO
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    Impacted products
    Date Public
    2018-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:16.172Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia Layer",
              "vendor": "Sam Lantinga and Mattias Engdeg\u00e5rd",
              "versions": [
                {
                  "status": "affected",
                  "version": "SDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:20:24.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-03-01T00:00:00",
              "ID": "CVE-2017-12122",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple DirectMedia Layer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "SDL2_image 2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sam Lantinga and Mattias Engdeg\u00e5rd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4177",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4177"
                },
                {
                  "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
                },
                {
                  "name": "DSA-4184",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4184"
                },
                {
                  "name": "GLSA-201903-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201903-17"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-12122",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:40:57.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14442 (GCVE-0-2017-14442)

    Vulnerability from cvelistv5 – Published: 2018-04-24 19:00 – Updated: 2024-09-16 16:49
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • remote code execution
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4177 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2018/dsa-4184 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201903-17 vendor-advisoryx_refsource_GENTOO
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    Impacted products
    Date Public
    2018-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.547Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia Layer",
              "vendor": "Sam Lantinga and Mattias Engdeg\u00e5rd",
              "versions": [
                {
                  "status": "affected",
                  "version": "SDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:20:48.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-03-01T00:00:00",
              "ID": "CVE-2017-14442",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple DirectMedia Layer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "SDL2_image 2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sam Lantinga and Mattias Engdeg\u00e5rd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4177",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4177"
                },
                {
                  "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
                },
                {
                  "name": "DSA-4184",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4184"
                },
                {
                  "name": "GLSA-201903-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201903-17"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-14442",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-09-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:49:04.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14440 (GCVE-0-2017-14440)

    Vulnerability from cvelistv5 – Published: 2018-04-24 19:00 – Updated: 2024-09-17 02:31
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • remote code execution
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4177 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2018/dsa-4184 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201903-17 vendor-advisoryx_refsource_GENTOO
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    Impacted products
    Date Public
    2018-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.516Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia Layer",
              "vendor": "Sam Lantinga and Mattias Engdeg\u00e5rd",
              "versions": [
                {
                  "status": "affected",
                  "version": "SDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:20:45.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-03-01T00:00:00",
              "ID": "CVE-2017-14440",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple DirectMedia Layer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "SDL2_image 2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sam Lantinga and Mattias Engdeg\u00e5rd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4177",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4177"
                },
                {
                  "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
                },
                {
                  "name": "DSA-4184",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4184"
                },
                {
                  "name": "GLSA-201903-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201903-17"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-14440",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-09-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:31:14.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14441 (GCVE-0-2017-14441)

    Vulnerability from cvelistv5 – Published: 2018-04-24 19:00 – Updated: 2024-09-17 04:05
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • remote code execution
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4177 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2018/dsa-4184 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201903-17 vendor-advisoryx_refsource_GENTOO
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    Impacted products
    Date Public
    2018-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:27:40.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia Layer",
              "vendor": "Sam Lantinga and Mattias Engdeg\u00e5rd",
              "versions": [
                {
                  "status": "affected",
                  "version": "SDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:20:46.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-03-01T00:00:00",
              "ID": "CVE-2017-14441",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple DirectMedia Layer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "SDL2_image 2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sam Lantinga and Mattias Engdeg\u00e5rd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4177",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4177"
                },
                {
                  "name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
                },
                {
                  "name": "DSA-4184",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4184"
                },
                {
                  "name": "GLSA-201903-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201903-17"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-14441",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-09-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:05:12.485Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3837 (GCVE-0-2018-3837)

    Vulnerability from cvelistv5 – Published: 2018-04-10 21:00 – Updated: 2024-09-16 17:58
    VLAI
    Summary
    An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • Heap Based-Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Systems, Inc. Simple Direct Media Affected: Simple DirectMedia LayerSDL2_image 2.0.2
    Create a notification for this product.
    Date Public
    2018-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:57:23.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0519"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.starwindsoftware.com/security/sw-20191008-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple Direct Media",
              "vendor": "Cisco Systems, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Simple DirectMedia LayerSDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Heap Based-Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-11T00:00:00.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0519"
            },
            {
              "url": "https://www.starwindsoftware.com/security/sw-20191008-0001/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2018-3837",
        "datePublished": "2018-04-10T21:00:00.000Z",
        "dateReserved": "2018-01-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:58:09.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3838 (GCVE-0-2018-3838)

    Vulnerability from cvelistv5 – Published: 2018-04-10 21:00 – Updated: 2024-09-16 18:44
    VLAI
    Summary
    An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • Heap Based-Overflow
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4177 vendor-advisoryx_refsource_DEBIAN
    https://www.debian.org/security/2018/dsa-4184 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201903-17 vendor-advisoryx_refsource_GENTOO
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    Impacted products
    Vendor Product Version
    Cisco Systems, Inc. Simple DirectMedia Affected: Simple DirectMedia Layer SDL2_image 2.0.2
    Create a notification for this product.
    Date Public
    2018-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:57:23.951Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0520"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia",
              "vendor": "Cisco Systems, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Simple DirectMedia Layer SDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Heap Based-Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:04:18.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0520"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-04-10T00:00:00",
              "ID": "CVE-2018-3838",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple DirectMedia",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Simple DirectMedia Layer SDL2_image 2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco Systems, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap Based-Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4177",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4177"
                },
                {
                  "name": "DSA-4184",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4184"
                },
                {
                  "name": "GLSA-201903-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201903-17"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0520",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0520"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2018-3838",
        "datePublished": "2018-04-10T21:00:00.000Z",
        "dateReserved": "2018-01-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:44:14.602Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3839 (GCVE-0-2018-3839)

    Vulnerability from cvelistv5 – Published: 2018-04-10 21:00 – Updated: 2024-09-16 22:57
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
    CWE
    • Heap Based Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Systems, Inc. Simple DirectMedia Affected: Simple DirectMedia Layer SDL2_image 2.0.2
    Create a notification for this product.
    Date Public
    2018-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:57:23.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "name": "GLSA-201903-17",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201903-17"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0521"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.starwindsoftware.com/security/sw-20191008-0002/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple DirectMedia",
              "vendor": "Cisco Systems, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Simple DirectMedia Layer SDL2_image 2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2018-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Heap Based Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-11T00:00:00.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "name": "GLSA-201903-17",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201903-17"
            },
            {
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0521"
            },
            {
              "url": "https://www.starwindsoftware.com/security/sw-20191008-0002/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2018-3839",
        "datePublished": "2018-04-10T21:00:00.000Z",
        "dateReserved": "2018-01-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:57:08.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2887 (GCVE-0-2017-2887)

    Vulnerability from cvelistv5 – Published: 2017-10-11 18:00 – Updated: 2024-09-17 02:57
    VLAI
    Summary
    An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.
    CWE
    • Remote code execution
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4177 vendor-advisoryx_refsource_DEBIAN
    http://www.securityfocus.com/bid/101215 vdb-entryx_refsource_BID
    https://www.debian.org/security/2018/dsa-4184 vendor-advisoryx_refsource_DEBIAN
    https://www.talosintelligence.com/vulnerability_r… x_refsource_MISC
    Impacted products
    Vendor Product Version
    Talos Simple Direct Media Affected: Simple DirectMedia Layer SDL_image 2.0.1
    Create a notification for this product.
    Date Public
    2017-10-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:17.429Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4177"
              },
              {
                "name": "101215",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101215"
              },
              {
                "name": "DSA-4184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4184"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Simple Direct Media",
              "vendor": "Talos",
              "versions": [
                {
                  "status": "affected",
                  "version": "Simple DirectMedia Layer SDL_image 2.0.1"
                }
              ]
            }
          ],
          "datePublic": "2017-10-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:24:13.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "DSA-4177",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4177"
            },
            {
              "name": "101215",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101215"
            },
            {
              "name": "DSA-4184",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4184"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2017-10-10T00:00:00",
              "ID": "CVE-2017-2887",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Simple Direct Media",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Simple DirectMedia Layer SDL_image 2.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Talos"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4177",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4177"
                },
                {
                  "name": "101215",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101215"
                },
                {
                  "name": "DSA-4184",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4184"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2887",
        "datePublished": "2017-10-11T18:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:57:14.504Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }