SdlCVEs & Vulnerabilities
3 CVEs affecting Sdl products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
Most Affected Products
The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system.
Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained from third party information.
Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information.