CVE-2019-5060
https://notcve.org/view.php?id=CVE-2019-5060
An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código explotable en la función de renderización de imágenes XPM de SDL2_image 2.0.4. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html https://talosintelligence.com/vulnerability_reports/TALOS-2019-0844 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2019-5059
https://notcve.org/view.php?id=CVE-2019-5059
An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código explotable en la funcionalidad de renderización de imágenes XPM de SDL2_image 2.0.4. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html https://talosintelligence.com/vulnerability_reports/TALOS-2019-0843 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2019-5058
https://notcve.org/view.php?id=CVE-2019-5058
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código explotable en la funcionalidad de renderización de imágenes XCF de SDL2_image versión 2.0.4. Una imagen XCF especialmente diseñada puede causar un desbordamiento de la pila, resultando en la ejecución de código. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html https://talosintelligence.com/vulnerability_reports/TALOS-2019-0842 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-5057
https://notcve.org/view.php?id=CVE-2019-5057
An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código explotable en la funcionalidad de renderización de imágenes PCX de SDL2_image versión 2.0.4. Una imagen PCX especialmente diseñada puede causar un desbordamiento de la pila, resultando en la ejecución de código. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html https://talosintelligence.com/vulnerability_reports/TALOS-2019-0841 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-5051
https://notcve.org/view.php?id=CVE-2019-5051
An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. Existe una vulnerabilidad explotable de desbordamiento de búfer basado en memoria dinámica (heap) cuando se carga un archivo PCX en SDL2_image, versión 2.0.4. La falta de un manejador de errores puede provocar un desbordamiento del búfer y una posible ejecución de código. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820 https://usn.ubuntu.com/4238-1 • CWE-390: Detection of Error Condition Without Action CWE-755: Improper Handling of Exceptional Conditions CWE-787: Out-of-bounds Write •