CVE-2018-3839

Name

CVE-2018-3839

Description

An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0521
Third Party Advisory	https://www.debian.org/security/2018/dsa-4177
Third Party Advisory	https://www.debian.org/security/2018/dsa-4184
Third Party Advisory	https://security.gentoo.org/glsa/201903-17

References

Match rules

Vulnerable and fixed packages