This page lists publicly disclosed CVE vulnerabilities affecting libsdl sdl_image (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-35444 | SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file with a small colormap and out-of-range pixel indices causes heap out-of-bounds reads of up to 762 bytes past the colormap allocation. Both IMAGE_INDEXED code paths are affected (bpp=1 and bpp=2). The leaked heap bytes are | [email protected] | 7.1 | 0.26% | 2026-04-06 | 2026-04-16 |
| CVE-2018-3977 | An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | [email protected] | 8.8 | 3.48% | 2018-11-01 | 2024-11-21 |
| CVE-2017-14450 | A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability. | [email protected] | 7.1 | 1.58% | 2018-04-24 | 2024-11-21 |
| CVE-2017-14449 | A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability. | [email protected] | 7.5 | 1.68% | 2018-04-24 | 2024-11-21 |
| CVE-2017-14448 | An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | [email protected] | 8.8 | 2.40% | 2018-04-24 | 2024-11-21 |
| CVE-2017-14442 | An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | [email protected] | 8.8 | 2.40% | 2018-04-24 | 2024-11-21 |
| CVE-2017-14441 | An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | [email protected] | 8.8 | 2.68% | 2018-04-24 | 2024-11-21 |
| CVE-2017-14440 | An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | [email protected] | 8.8 | 2.45% | 2018-04-24 | 2024-11-21 |
| CVE-2017-12122 | An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | [email protected] | 8.8 | 2.40% | 2018-04-24 | 2024-11-21 |
| CVE-2018-3839 | An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | [email protected] | 8.8 | 2.60% | 2018-04-10 | 2024-11-21 |
| CVE-2018-3838 | An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability. | [email protected] | 6.5 | 1.82% | 2018-04-10 | 2024-11-21 |
| CVE-2018-3837 | An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability. | [email protected] | 5.5 | 1.25% | 2018-04-10 | 2024-11-21 |
| CVE-2017-2887 | An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability. | [email protected] | 8.8 | 2.66% | 2017-10-11 | 2026-05-13 |