Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-2888

Опубликовано: 11 окт. 2017
Источник: nvd
CVSS3: 8.8
CVSS3: 8.8
CVSS2: 6.8
EPSS Низкий

Описание

An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.5:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 86%
0.02799
Низкий

8.8 High

CVSS3

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

ubuntu логотип

CVE-2017-2888

CVSS3: 8.8
ubuntu
больше 8 лет назад

An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.

redhat логотип

CVE-2017-2888

CVSS3: 7.8
redhat
больше 8 лет назад

An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.

debian логотип

CVE-2017-2888

CVSS3: 8.8
debian
больше 8 лет назад

An exploitable integer overflow vulnerability exists when creating a n ...

github логотип

GHSA-3x42-vgc3-7f6c

CVSS3: 8.8
github
больше 3 лет назад

An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.

fstec логотип

BDU:2022-05864

CVSS3: 8.8
fstec
больше 8 лет назад

Уязвимость библиотеки Simple DirectMedia Layer, связанная с целочисленным переполнением, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 86%
0.02799
Низкий

8.8 High

CVSS3

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-190