N/A

An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

N/A

整数溢出或超界折返

SDL2_image 输入验证错误漏洞

Simple DirectMedia Layer（SDL）是一个用于访问低级硬件和图形，并为游戏、软件和仿真器提供支持的多平台库。SDL2_image是其中的一个用于解析和显示各种图像文件格式的组件。 SDL2_image 2.0.4版本中的XPM图像渲染功能存在输入验证错误漏洞。攻击者可借助特制的XPM图像利用该漏洞造成堆溢出，进而执行代码。

N/A

N/A