1. CVE-Search
  2. CVE-2019-5058
ID CVE-2019-5058
Summary An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:a:libsdl:sdl2_image:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:libsdl:sdl2_image:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*
    cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 27-06-2022 - 17:29)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
misc https://talosintelligence.com/vulnerability_reports/TALOS-2019-0842
suse
  • openSUSE-SU-2019:2070
  • openSUSE-SU-2019:2071
  • openSUSE-SU-2019:2108
  • openSUSE-SU-2019:2109
Last major update 27-06-2022 - 17:29
Published 31-07-2019 - 17:15
Last modified 27-06-2022 - 17:29
Back to Top