CVE-2018-3977

Опубликовано: 01 нояб. 2018

Источник: ubuntu

Приоритет: medium

CVSS2: 6.8

CVSS3: 8.8

Описание

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

Релиз	Статус	Примечание
bionic	not-affected	2.0.4+dfsg1-2ubuntu2.16.04.1
cosmic	not-affected	2.0.4+dfsg1-2ubuntu2.16.04.1
devel	not-affected	2.0.4+dfsg1-2ubuntu2.16.04.1
disco	not-affected	2.0.4+dfsg1-2ubuntu2.16.04.1
eoan	not-affected	2.0.4+dfsg1-2ubuntu2.16.04.1
esm-apps/bionic	not-affected	2.0.4+dfsg1-2ubuntu2.16.04.1
esm-apps/focal	not-affected	2.0.4+dfsg1-2ubuntu2.16.04.1
esm-apps/jammy	not-affected	2.0.4+dfsg1-2ubuntu2.16.04.1
esm-apps/xenial	not-affected	2.0.4+dfsg1-2ubuntu2.16.04.1
esm-infra-legacy/trusty	released	2.0.0+dfsg-3+deb8u2build0.14.04.1~esm1

Показывать по

Релиз	Статус	Примечание
bionic	released	1.2.12-8ubuntu0.1
cosmic	ignored	end of life
devel	not-affected	1.2.12-10
disco	not-affected	1.2.12-10
eoan	not-affected	1.2.12-10
esm-apps/bionic	released	1.2.12-8ubuntu0.1
esm-apps/focal	not-affected	1.2.12-10
esm-apps/jammy	not-affected	1.2.12-10
esm-apps/xenial	released	1.2.12-5+deb9u1ubuntu0.16.04.1
esm-infra-legacy/trusty	released	1.2.12-5+deb9u1ubuntu0.14.04.1~esm1

Показывать по

Ссылки на источники

6.8 Medium

CVSS2

8.8 High

CVSS3

Связанные уязвимости

CVE-2018-3977

CVSS3: 8.8

nvd

больше 7 лет назад

CVE-2018-3977

CVSS3: 8.8

debian

больше 7 лет назад

An exploitable code execution vulnerability exists in the XCF image re ...

SUSE-SU-2018:3861-1

suse-cvrf

около 7 лет назад

Security update for SDL_image

GHSA-9532-gqc7-9wv7

CVSS3: 8.8

github

больше 3 лет назад

openSUSE-SU-2018:3896-1

suse-cvrf

около 7 лет назад

Security update for SDL2_image

6.8 Medium

CVSS2

8.8 High

CVSS3

CVE-2018-3977

Описание

Пакет libsdl2-image

Пакет sdl-image1.2

Ссылки на источники

Связанные уязвимости