Tuesday, July 2, 2019

Vulnerability Spotlight: Remote code execution vulnerabilities in Simple DirectMedia Layer


Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities.

Simple DirectMedia Layer contains two vulnerabilities that could allow an attacker to remotely execute code on the victim’s machine. Both bugs are present in the SDL2_image library, which is used for loading images in different formats, and both lie in the function responsible for loading PCX files. In each case, a specially crafted PCX file can lead to a heap buffer overflow and remote code execution.

In accordance with our coordinated disclosure policy, Cisco Talos worked with SDL to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

Simple DirectMedia Layer SDL2_image IMG_LoadPCX_RW code execution vulnerability (TALOS-2019-0820/CVE-2019-5051)

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Simple DirectMedia Layer SDL2_image IMG_LoadPCX_RW signed comparison code execution vulnerability (TALOS-2019-0821/CVE-2019-5052)

An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.
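Both advisories describe a PCX loader that ends up with an undersized heap buffer: in one case a missing error check, in the other a signed comparison and integer overflow in the size computation. The following added example (not SDL2_image's code) shows how a loader can derive the frame allocation from the 128-byte PCX header with unsigned, overflow-safe arithmetic and reject any header whose geometry does not add up. The header offsets follow the published PCX format; the 256 MiB allocation cap is an assumed policy value, and the sample headers are constructed here.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PCX_HEADER_LEN 128
#define PCX_MAX_FRAME_BYTES (256u * 1024u * 1024u)  /* assumed policy cap, not from SDL */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Validate a PCX header and return the decoded frame size in bytes, or 0 if the
 * header is rejected. Geometry is compared unsigned and multiplied in 64 bits,
 * so neither a swapped xmin/xmax pair nor a huge product can produce a buffer
 * smaller than the scanlines the decoder will later write into it. */
size_t pcx_frame_bytes(const uint8_t *hdr, size_t len)
{
    if (len < PCX_HEADER_LEN || hdr[0] != 0x0A) return 0;     /* manufacturer id */
    uint16_t xmin = rd16(hdr + 4), ymin = rd16(hdr + 6);
    uint16_t xmax = rd16(hdr + 8), ymax = rd16(hdr + 10);
    uint8_t bpp = hdr[3], planes = hdr[65];
    uint16_t bpl = rd16(hdr + 66);                            /* bytes per plane line */
    if (xmax < xmin || ymax < ymin) return 0;                 /* would go negative if signed */
    if (bpp == 0 || bpp > 8 || planes == 0 || planes > 4) return 0;
    uint64_t width = (uint64_t)xmax - xmin + 1, height = (uint64_t)ymax - ymin + 1;
    /* Each plane line must hold the pixels it claims, rounded up to whole bytes. */
    if ((uint64_t)bpl < (width * bpp + 7) / 8) return 0;
    uint64_t total = (uint64_t)bpl * planes * height;        /* < 2^16 * 4 * 2^16, no wrap */
    if (total > PCX_MAX_FRAME_BYTES) return 0;
    return (size_t)total;
}

/* Build a constructed header with the given geometry and validate it. */
size_t pcx_frame_bytes_from(uint16_t xmin, uint16_t ymin, uint16_t xmax, uint16_t ymax,
                            uint8_t bpp, uint8_t planes, uint16_t bpl)
{
    uint8_t hdr[PCX_HEADER_LEN] = {0x0A, 5, 1, bpp};       /* id, version 5, RLE, bpp */
    uint16_t f[4] = {xmin, ymin, xmax, ymax};
    for (int i = 0; i < 4; i++) { hdr[4 + 2 * i] = f[i] & 0xFF; hdr[5 + 2 * i] = f[i] >> 8; }
    hdr[65] = planes; hdr[66] = bpl & 0xFF; hdr[67] = bpl >> 8;
    return pcx_frame_bytes(hdr, sizeof hdr);
}

int main(void)
{
    printf("320x200, 8bpp, 1 plane : %zu bytes\n", pcx_frame_bytes_from(0, 0, 319, 199, 8, 1, 320));
    printf("xmax < xmin            : %zu (rejected)\n", pcx_frame_bytes_from(10, 0, 5, 199, 8, 1, 320));
    printf("bytes-per-line too short: %zu (rejected)\n", pcx_frame_bytes_from(0, 0, 319, 199, 8, 1, 100));
    printf("65536x65536, 4 planes  : %zu (rejected)\n", pcx_frame_bytes_from(0, 0, 65535, 65535, 8, 4, 65535));
    return 0;
}
```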

Versions tested

Talos tested and confirmed that Simple DirectMedia Layer SDL2_image, version 2.0.4 is affected by these vulnerabilities.



Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 46143 - 46146, 50035, 50036
