An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sdl2_image | Libsdl | 2.0.4 (including) | 2.0.4 (including) |
Libsdl2-image | Ubuntu | bionic | * |
Libsdl2-image | Ubuntu | devel | * |
Libsdl2-image | Ubuntu | disco | * |
Libsdl2-image | Ubuntu | eoan | * |
Libsdl2-image | Ubuntu | esm-apps/bionic | * |
Libsdl2-image | Ubuntu | esm-apps/xenial | * |
Libsdl2-image | Ubuntu | focal | * |
Libsdl2-image | Ubuntu | groovy | * |
Libsdl2-image | Ubuntu | hirsute | * |
Libsdl2-image | Ubuntu | impish | * |
Libsdl2-image | Ubuntu | jammy | * |
Libsdl2-image | Ubuntu | kinetic | * |
Libsdl2-image | Ubuntu | lunar | * |
Libsdl2-image | Ubuntu | mantic | * |
Libsdl2-image | Ubuntu | noble | * |
Libsdl2-image | Ubuntu | oracular | * |
Libsdl2-image | Ubuntu | plucky | * |
Libsdl2-image | Ubuntu | trusty | * |
Libsdl2-image | Ubuntu | trusty/esm | * |
Libsdl2-image | Ubuntu | upstream | * |
Libsdl2-image | Ubuntu | xenial | * |