NULL pointer dereference in sdl2_image (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-12218 |
| CWE-ID | CWE-476 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
sdl2_image (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) NULL pointer dereference
EUVDB-ID: #VU19290
Risk: Low
CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2019-12218
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error in SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionssdl2_image (Alpine package): 2.0.2-r1 - 2.0.4-r0
CPE2.3- cpe:2.3:a:alpine:sdl2_image_alpine_package:2.0.2-r1:*:*:*:*:alpine_linux:*:3.6
- cpe:2.3:a:alpine:sdl2_image_alpine_package:2.0.3-r0:*:*:*:*:alpine_linux:*:3.7
- cpe:2.3:a:alpine:sdl2_image_alpine_package:2.0.4-r0:*:*:*:*:alpine_linux:*:3.9
https://git.alpinelinux.org/aports/commit/?id=f39cc4a76fb62bedd5c496cbc5e5893066fc79e6
https://git.alpinelinux.org/aports/commit/?id=55de9cfbb9d142a1a279c1ca0e6f81b533b56051
https://git.alpinelinux.org/aports/commit/?id=9f6b061f48c397e4e666fcf6f75fabe92b6033d2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
