Cisco Blogs
Share

Vulnerability Spotlight: Remote code execution vulnerabilities in Simple DirectMedia Layer


July 2, 2019 - 0 Comments

Simple DirectMedia Layer contains two vulnerabilities that could an attacker to remotely execute code on the victim’s machine. Both bugs are present in the SDL2_image library, which is used for loading images in different formats. There are vulnerabilities in the function responsible for loading PCX files. A specially crafted PCX file can lead to a heap buffer overflow and remote code execution in both cases.

In accordance with our coordinated disclosure policy, Cisco Talos worked with SDL to ensure that these issues are resolved and that an update is available for affected customers. Check out the Talos blog for all the details and coverage.



Tags:
Leave a comment

We'd love to hear from you! Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed and HTML formatting will not appear.