Cisco Blogs
Share

Vulnerability Spotlight: Arbitrary Code Execution Bugs in Simple DirectMedia Layer Fixed

- October 10, 2017 - 0 Comments

Today, Talos is disclosing two vulnerabilities that have been identified in the Simple DirectMedia Layer library. Simple DirectMedia Layer (SDL) is a cross-platform development library designed for use in video playback software, emulators, and games by providing low level access to audio, keyboard, mouse, joystick, and graphics hardware. SDL, via its SDL_image library, also has the capability to handle various image formats such as XCF, the default layered image format for GIMP.

An attacker could compromise a user by exploiting one of these vulnerabilities via a specifically crafted file that SDL would handle, such as a XCF file.

Given that numerous applications make use of SDL, Talos has coordinated with the SDL community to disclose these vulnerabilities and ensure that an updated version of the library is available to use.

Read more »

Tags:
Leave a comment

We'd love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed.

Share