CVE-2017-2887

Опубликовано: 11 окт. 2017

Источник: ubuntu

Приоритет: medium

CVSS2: 6.8

CVSS3: 8.8

Описание

An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	2.0.1+dfsg-4
devel	not-affected	2.0.1+dfsg-4
esm-apps/bionic	not-affected	2.0.1+dfsg-4
esm-apps/xenial	released	2.0.1+dfsg-2+deb9u1build0.16.04.1
esm-infra-legacy/trusty	released	2.0.0+dfsg-3+deb8u1build0.14.04.1
precise/esm	DNE
trusty	released	2.0.0+dfsg-3+deb8u1build0.14.04.1
trusty/esm	released	2.0.0+dfsg-3+deb8u1build0.14.04.1
upstream	released	2.0.1+dfsg-4

Показывать по

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	1.2.12-7
devel	not-affected	1.2.12-7
esm-apps/bionic	not-affected	1.2.12-7
esm-apps/xenial	released	1.2.12-5+deb9u1build0.16.04.1
esm-infra-legacy/trusty	released	1.2.12-5+deb9u1build0.14.04.1
precise/esm	DNE
trusty	released	1.2.12-5+deb9u1build0.14.04.1
trusty/esm	released	1.2.12-5+deb9u1build0.14.04.1
upstream	released	1.2.12-7

Показывать по

Ссылки на источники

6.8 Medium

CVSS2

8.8 High

CVSS3

Связанные уязвимости

CVE-2017-2887

CVSS3: 8.8

nvd

больше 8 лет назад

CVE-2017-2887

CVSS3: 8.8

debian

больше 8 лет назад

An exploitable buffer overflow vulnerability exists in the XCF propert ...

openSUSE-SU-2018:0490-1

suse-cvrf

почти 8 лет назад

Security update for SDL_image, SDL2_image

GHSA-hqjw-c32v-frhh

CVSS3: 8.8

github

больше 3 лет назад

6.8 Medium

CVSS2

8.8 High

CVSS3

CVE-2017-2887

Описание

Пакет libsdl2-image

Пакет sdl-image1.2

Ссылки на источники

Связанные уязвимости