VDB

CVE-2019-5052

CVE-2019-5052 PUBLISHED

An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.

EPSS 1.51% · 81.6th percentile

Risk Scores

EPSS Score
1.51%
81.6th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSsdl-image1.20, 1.2.12-7, 1.2.12-8
Ubuntu:Pro:14.04:LTSsdl-image1.21.2.12-5build2, 1.2.12-4ubuntu1, 1.2.12-5
Ubuntu:18.04:LTSlibsdl2-image2.0.3+dfsg1-1, 0, 2.0.1+dfsg-3
Ubuntu:16.04:LTSlibsdl2-image2.0.1+dfsg-2, 2.0.1+dfsg-1, *
Ubuntu:Pro:14.04:LTSlibsdl2-image0, 2.0.0+dfsg-3, 2.0.0+dfsg-3build2
Ubuntu:16.04:LTSsdl-image1.21.2.12-5+deb9u1build0.16.04.1, 1.2.12-5build2, 0

Exploit Intelligence

Timeline

  • Jul 3, 2019 CVE Published
  • Jul 4, 2019 PoC Published
  • Jul 5, 2019 PoC Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›