CVE-2017-14450 - OpenCVE

A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Libsdl	Sdl Image

Configuration 1 [-]

cpe:2.3:a:libsdl:sdl_image:2.0.2:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

References

Link	Resource
https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html	Third Party Advisory
https://security.gentoo.org/glsa/201903-17	Third Party Advisory
https://www.debian.org/security/2018/dsa-4177	Third Party Advisory
https://www.debian.org/security/2018/dsa-4184	Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499	Technical Description Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: talos

Published: 2018-03-01T00:00:00

Updated: 2022-04-19T18:20:59

Reserved: 2017-09-13T00:00:00

Link: CVE-2017-14450

JSON object: View

NVD Information

Status : Modified

Published: 2018-04-24T19:29:01.940

Modified: 2022-04-19T19:15:16.953

Link: CVE-2017-14450

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "Simple DirectMedia Layer", "vendor": "Sam Lantinga and Mattias Engdeg\u00e5rd", "versions": [{"status": "affected", "version": "SDL2_image 2.0.2"}]}], "datePublic": "2018-03-01T00:00:00", "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "buffer overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-19T18:20:59", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"name": "DSA-4177", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4177"}, {"name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"}, {"name": "DSA-4184", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4184"}, {"name": "GLSA-201903-17", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201903-17"}, {"tags": ["x_refsource_MISC"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "DATE_PUBLIC": "2018-03-01T00:00:00", "ID": "CVE-2017-14450", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Simple DirectMedia Layer", "version": {"version_data": [{"version_value": "SDL2_image 2.0.2"}]}}]}, "vendor_name": "Sam Lantinga and Mattias Engdeg\u00e5rd"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability."}]}, "impact": {"cvss": {"baseScore": 7.1, "baseSeverity": "High", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "buffer overflow"}]}]}, "references": {"reference_data": [{"name": "DSA-4177", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4177"}, {"name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"}, {"name": "DSA-4184", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4184"}, {"name": "GLSA-201903-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201903-17"}, {"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499"}]}}}}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2017-14450", "datePublished": "2018-03-01T00:00:00", "dateReserved": "2017-09-13T00:00:00", "dateUpdated": "2022-04-19T18:20:59", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libsdl:sdl_image:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8ACCFE82-277E-4B12-8BD4-C7B8FBFB37BD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la funcionalidad de renderizaci\u00f3n de im\u00e1genes GIF de SDL2_image-2.0.2. Una imagen GIF especialmente manipulada puede desembocar en un desbordamiento de b\u00fafer en una secci\u00f3n global. Un atacante puede mostrar una imagen para provocar esta vulnerabilidad."}], "id": "CVE-2017-14450", "lastModified": "2022-04-19T19:15:16.953", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2018-04-24T19:29:01.940", "references": [{"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"}, {"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201903-17"}, {"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4177"}, {"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4184"}, {"source": "talos-cna@cisco.com", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}