CVSS: 8.8EPSS: 3%CPEs: 5EXPL: 1CVE-2019-5060
https://notcve.org/view.php?id=CVE-2019-5060
31 Jul 2019 — An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código explotable en la función de render... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 0CVE-2019-5059
https://notcve.org/view.php?id=CVE-2019-5059
31 Jul 2019 — An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código explotable en la funcionalidad de renderización de imáge... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 0CVE-2019-5058
https://notcve.org/view.php?id=CVE-2019-5058
31 Jul 2019 — An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código explotable en la funcionalidad de renderización de imágenes XCF de SDL2_image versión 2.0.4. Una imagen XCF especialmente diseñada puede causar un desbordamiento de la pila, resu... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 0CVE-2019-5057
https://notcve.org/view.php?id=CVE-2019-5057
31 Jul 2019 — An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código explotable en la funcionalidad de renderización de imágenes PCX de SDL2_image versión 2.0.4. Una imagen PCX especialmente diseñada puede causar un desbordamiento de la pila, resu... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 1CVE-2019-5051
https://notcve.org/view.php?id=CVE-2019-5051
03 Jul 2019 — An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. Existe una vulnerabilidad explotable de desbordamiento de búfer basado en memoria dinámica (heap) cuando se carga un archivo PCX en SDL2_image, versión 2.0.4. La falta de un manejador de errores puede provocar un desbordamien... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-390: Detection of Error Condition Without Action CWE-755: Improper Handling of Exceptional Conditions CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 1CVE-2019-5052
https://notcve.org/view.php?id=CVE-2019-5052
03 Jul 2019 — An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de enteros explotable al cargar un archivo PCX en SDL2_image versión 2.0.4. Un archivo especialmente manipulado pu... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 1%CPEs: 11EXPL: 1CVE-2019-12221
https://notcve.org/view.php?id=CVE-2019-12221
20 May 2019 — An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. Se detectó un problema en libSDL2.a en Simple DirectMedia Layer (SDL) 2.0.9 cuando se usa junto con libSDL2_image.a en SDL2_image 2.0.4. Hay un SEGV en la función SDL SDL_free_REAL at stdlib / SDL_malloc.c. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-12220
https://notcve.org/view.php?id=CVE-2019-12220
20 May 2019 — An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c. Se detectó un problema en libSDL2.a en Simple DirectMedia Layer (SDL) 2.0.9 cuando se usa junto con libSDL2_image.a en SDL2_image 2.0.4. Hay una lectura de fuera de límites en la función SDL_FreePalette_REAL de SDL at video / SDL_pixels.c. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-12219 – Ubuntu Security Notice USN-4238-1
https://notcve.org/view.php?id=CVE-2019-12219
20 May 2019 — An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c. Se detectó un problema en libSDL2.a en Simple DirectMedia Layer (SDL) 2.0.9 cuando se usa junto con libSDL2_image.a en SDL2_image 2.0.4. Hay un error gratuito no válido en la función SDL_SetError_REAL de SDL en SDL_error.c. It was discovered that SDL_image incorrectly handled certai... • https://bugzilla.libsdl.org/show_bug.cgi?id=4625 • CWE-415: Double Free •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-12218
https://notcve.org/view.php?id=CVE-2019-12218
20 May 2019 — An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. Se detectó un problema en libSDL2.a en Simple DirectMedia Layer (SDL) 2.0.9 cuando se usa junto con libSDL2_image.a en SDL2_image 2.0.4. Hay una diferencia de puntero NULL en la function SDL2_image IMG_LoadPCX_RW at IMG_pcx.c. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-476: NULL Pointer Dereference •