1. Home
  2. CVE Database
  3. CVE-2018-3837
MEDIUM · 5.5

CVE-2018-3837

An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-boun...

Vulnerability Description

An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
LibsdlSdl Image2.0.2
DebianDebian Linux8.0
StarwindsoftwareStarwind Virtual Sanv8

Related Weaknesses (CWE)

CWE-125

References

FAQ

What is CVE-2018-3837?

CVE-2018-3837 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-boun...

How severe is CVE-2018-3837?

CVE-2018-3837 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-3837?

Check the references section above for vendor advisories and patch information. Affected products include: Libsdl Sdl Image, Debian Debian Linux, Starwindsoftware Starwind Virtual San.