{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T14:48:38.567","vulnerabilities":[{"cve":{"id":"CVE-2018-3839","sourceIdentifier":"talos-cna@cisco.com","published":"2018-04-10T21:29:00.343","lastModified":"2024-11-21T04:06:08.700","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."},{"lang":"es","value":"Existe una vulnerabilidad explotable de ejecución de código en la funcionalidad de renderización de imágenes XCF de Simple DirectMedia Layer SDL2_image-2.0.2. Una imagen XCF especialmente manipulada puede provocar una escritura fuera de límites en la memoria dinámica (heap), lo que resulta en la ejecución de código. Un atacante puede mostrar una imagen especialmente manipulada para provocar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libsdl:sdl_image:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"8ACCFE82-277E-4B12-8BD4-C7B8FBFB37BD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12533:*:*:*:vsphere:*:*","matchCriteriaId":"0E5C2815-65C8-48D7-BF31-6104EDD0CBE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12658:*:*:*:vsphere:*:*","matchCriteriaId":"6FF4A265-AFFD-4853-B3CE-A55E950E8B5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12859:*:*:*:vsphere:*:*","matchCriteriaId":"E6484296-5BA8-408A-A087-A0D86BA50703"}]}]}],"references":[{"url":"https://security.gentoo.org/glsa/201903-17","source":"talos-cna@cisco.com","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2018/dsa-4177","source":"talos-cna@cisco.com","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2018/dsa-4184","source":"talos-cna@cisco.com","tags":["Third Party Advisory"]},{"url":"https://www.starwindsoftware.com/security/sw-20191008-0002/","source":"talos-cna@cisco.com","tags":["Third Party Advisory"]},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0521","source":"talos-cna@cisco.com","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201903-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2018/dsa-4177","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2018/dsa-4184","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.starwindsoftware.com/security/sw-20191008-0002/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0521","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}}]}