返回 CVE 瀏覽器

CVE-2017-14441

HIGH

8.8

CVSS Severity Score

EPSS Score0.0780%

EPSS Percentile43.02th

Published2018年4月24日

Last Modified2024年11月21日

Vulnerability Description

An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

Affected Platforms (CPE)

📦

Libsdl

Sdl Image

= 2.0.2

💻

Debian

Debian Linux

= 7.0

💻

Debian

Debian Linux

= 8.0

💻

Debian

Debian Linux

= 9.0

References & Advisories

🔗 https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html

🔗 https://security.gentoo.org/glsa/201903-17

🔗 https://www.debian.org/security/2018/dsa-4177

🔗 https://www.debian.org/security/2018/dsa-4184

🔗 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490

🔗 https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html

🔗 https://security.gentoo.org/glsa/201903-17

🔗 https://www.debian.org/security/2018/dsa-4177

相關漏洞威脅

CVE-2008-054410.0

Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause ...

CVE-2019-149069.8

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affec...

CVE-2017-28878.8

An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially cra...

CVE-2017-28888.8

An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can ca...