CVE-2018-3977
Gentoo Linux Security Advisory 201903-17
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
Existe una vulnerabilidad explotable de ejecución de código en la funcionalidad de renderización de imágenes XCF de SDL2_image-2.0.3. Un archivo XCF especialmente manipulado puede provocar un desbordamiento de memoria dinámica (heap) que daría lugar a la ejecución de código. Un atacante puede mostrar una imagen especialmente manipulada para provocar esta vulnerabilidad.
Multiple vulnerabilities have been found in the image loading library for Simple DirectMedia Layer, the worst of which could result in the remote execution of arbitrary code. Versions less than 2.0.4 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-01-02 CVE Reserved
- 2018-11-01 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645 | 2024-09-17 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201903-17 | 2022-04-19 | |
| https://usn.ubuntu.com/4238-1 | 2022-04-19 |