QwikSec

Security Database

CVE

CWE

Training

CVE-2018-3837

Published: Apr 10, 2018

Modified: Sep 16, 2024

PUBLISHED

CVSS v3.0

5.3

MEDIUM

Description

An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability.

Vendor	Product	Versions
Cisco Systems, Inc.	Simple Direct Media	affected `Simple DirectMedia LayerSDL2_image 2.0.2`

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

References

vendor-advisory

vendor-advisory

vendor-advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0519

https://www.starwindsoftware.com/security/sw-20191008-0001/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.