CVE-2017-14441

Опубликовано: 24 апр. 2018

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 6.8

CVSS3: 8.8

Описание

An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	2.0.3+dfsg1-1
devel	not-affected	2.0.3+dfsg1-1
esm-apps/bionic	not-affected	2.0.3+dfsg1-1
esm-apps/xenial	released	2.0.1+dfsg-2+deb9u1build0.16.04.1
esm-infra-legacy/trusty	released	2.0.0+dfsg-3+deb8u1build0.14.04.1
precise/esm	DNE
trusty	released	2.0.0+dfsg-3+deb8u1build0.14.04.1
trusty/esm	released	2.0.0+dfsg-3+deb8u1build0.14.04.1
upstream	released	2.0.3+dfsg1-1

Показывать по

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	1.2.12-8
devel	not-affected	1.2.12-8
esm-apps/bionic	not-affected	1.2.12-8
esm-apps/xenial	released	1.2.12-5+deb9u1build0.16.04.1
esm-infra-legacy/trusty	released	1.2.12-5+deb9u1build0.14.04.1
precise/esm	DNE
trusty	released	1.2.12-5+deb9u1build0.14.04.1
trusty/esm	released	1.2.12-5+deb9u1build0.14.04.1
upstream	released	1.2.12-8

Показывать по

Ссылки на источники

EPSS

Процентиль: 80%

0.01425

Низкий

6.8 Medium

CVSS2

8.8 High

CVSS3

Связанные уязвимости

CVE-2017-14441

CVSS3: 8.8

nvd

почти 8 лет назад

CVE-2017-14441

CVSS3: 8.8

debian

почти 8 лет назад

An exploitable code execution vulnerability exists in the ICO image re ...

GHSA-fjmx-7p86-hg32

CVSS3: 8.8

github

больше 3 лет назад

openSUSE-SU-2018:0734-1

suse-cvrf

почти 8 лет назад

Security update for SDL2, SDL2_image

EPSS

Процентиль: 80%

0.01425

Низкий

6.8 Medium

CVSS2

8.8 High

CVSS3

CVE-2017-14441

Описание

Пакет libsdl2-image

Пакет sdl-image1.2

Ссылки на источники

Связанные уязвимости