CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-2888

HIGH
8.8
CVSS Severity Score
EPSS Score0.0620%
EPSS Percentile38.56th
Published2017年10月11日
Last Modified2026年5月13日

Vulnerability Description

An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.

Affected Platforms (CPE)

📦
Libsdl

Simple Directmedia Layer

= 2.0.5
💻
Canonical

Ubuntu Linux

= 16.04
💻
Canonical

Ubuntu Linux

= 18.04
💻
Canonical

Ubuntu Linux

= 19.04
💻
Debian

Debian Linux

= 9.0

References & Advisories

🔗 http://www.securityfocus.com/bid/101215
🔗 https://lists.debian.org/debian-lts-announce/2021/10/msg00031.html
🔗 https://usn.ubuntu.com/4143-1/
🔗 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395
🔗 http://www.securityfocus.com/bid/101215
🔗 https://lists.debian.org/debian-lts-announce/2021/10/msg00031.html
🔗 https://usn.ubuntu.com/4143-1/
🔗 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395

相關漏洞威脅

CVE-2019-75738.8

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL...

CVE-2018-38398.8

An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image...

CVE-2019-75728.8

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c...

CVE-2019-75748.8

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio...

CVE-2017-2888 Detail & Impact Analysis | CVSS 8.8 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space