CyberSec.Space Logo
Back to CVE Browser

CVE-2017-2888

HIGH
8.8
CVSS Severity Score
EPSS Score0.0620%
EPSS Percentile38.56th
PublishedOct 11, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.

Affected Platforms (CPE)

πŸ“¦
Libsdl

Simple Directmedia Layer

= 2.0.5
πŸ’»
Canonical

Ubuntu Linux

= 16.04
πŸ’»
Canonical

Ubuntu Linux

= 18.04
πŸ’»
Canonical

Ubuntu Linux

= 19.04
πŸ’»
Debian

Debian Linux

= 9.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/101215
πŸ”— https://lists.debian.org/debian-lts-announce/2021/10/msg00031.html
πŸ”— https://usn.ubuntu.com/4143-1/
πŸ”— https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395
πŸ”— http://www.securityfocus.com/bid/101215
πŸ”— https://lists.debian.org/debian-lts-announce/2021/10/msg00031.html
πŸ”— https://usn.ubuntu.com/4143-1/
πŸ”— https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395

Related Vulnerabilities

CVE-2019-75738.8

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL...

CVE-2018-38398.8

An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image...

CVE-2019-75728.8

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c...

CVE-2019-75748.8

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio...

CVE-2017-2888 Detail & Impact Analysis | CVSS 8.8 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space