CVE-2017-14442
Gentoo Linux Security Advisory 201903-17
Severity Score
Exploit Likelihood
Affected Versions
4Public Exploits
0Exploited in Wild
-Decision
Descriptions
An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
Existe una vulnerabilidad explotable de ejecución de código en la funcionalidad de renderización de imágenes BMP de SDL2_image-2.0.2. Una imagen BMP especialmente manipulada puede provocar un desbordamiento de búfer basado en pila que resulta en la ejecución de código. Un atacante puede mostrar una imagen especialmente manipulada para provocar esta vulnerabilidad.
Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-09-13 CVE Reserved
- 2018-04-23 CVE Published
- 2024-09-16 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/04/ms... | Mailing List |
|
| https://www.talosintelligence.com/vulnerability_reports... | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201903-17 | 2022-12-09 | |
| https://www.debian.org/security/2018/dsa-4177 | 2022-12-09 | |
| https://www.debian.org/security/2018/dsa-4184 | 2022-12-09 |