CVE-2019-5052

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-5052
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-5052.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-5052
Downstream
Related
Published
2019-07-03T19:15:12.707Z
Modified
2026-02-24T08:13:03.297952Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.

References

Affected packages

Git / github.com/libgd/libgd

Affected ranges

Type
GIT
Repo
https://github.com/libgd/libgd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b623f93e3012b96b8aec68fbb64b1815af56601d

Affected versions

Other
GD_1_3_0
GD_1_4_0
GD_1_5_0
GD_1_6_0
GD_1_6_1
GD_1_6_2
GD_1_6_3
GD_1_7_0
GD_1_7_1
GD_1_7_2
GD_1_7_3
GD_1_8_0
GD_1_8_1
GD_1_8_3
GD_1_8_4
GD_2_0_0
GD_2_0_1
GD_2_0_2
GD_2_0_3
GD_2_0_4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-5052.json"