QwikSec

Security Database

CVE

CWE

Training

CVE-2018-3839

Published: Apr 10, 2018

Modified: Sep 16, 2024

PUBLISHED

CVSS v3.0

7.5

HIGH

Description

An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

Vendor	Product	Versions
Cisco Systems, Inc.	Simple DirectMedia	affected `Simple DirectMedia Layer SDL2_image 2.0.2`

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

vendor-advisory

vendor-advisory

vendor-advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0521

https://www.starwindsoftware.com/security/sw-20191008-0002/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2018-3839 | HIGH (7.5) - Security Vulnerability | QwikSec