Published: 16/07/2019 Updated: 07/11/2023

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

SDL (Simple DirectMedia Layer) up to and including 1.2.15 and 2.x up to and including 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libsdl simple directmedia layer
debian debian linux 9.0
debian debian linux 10.0
opensuse leap 15.0
opensuse leap 15.1
opensuse backports sle 15.0
fedoraproject fedora 29
fedoraproject fedora 30
fedoraproject fedora 31
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 14.04
canonical ubuntu linux 12.04
redhat enterprise linux desktop 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server 7.0
redhat enterprise linux 8.0
redhat enterprise linux server aus 7.7
redhat enterprise linux server tus 7.7
redhat enterprise linux eus 7.7
redhat enterprise linux eus 8.1

Debian Bug report logs - #940934 libsdl2-image: CVE-2019-13616 Package: src:libsdl2-image; Maintainer for src:libsdl2-image is Debian SDL packages maintainers <pkg-sdl-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 22 Sep 2019 08:15:02 UTC Severity: important Ta ...

Synopsis Important: SDL security update Type/Severity Security Advisory: Important Topic An update for SDL is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which g ...

Synopsis Important: SDL security update Type/Severity Security Advisory: Important Topic An update for SDL is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...

Synopsis Important: SDL security update Type/Severity Security Advisory: Important Topic An update for SDL is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which g ...

Several security issues were fixed in SDL ...

Several security issues were fixed in SDL_image ...

An issue was discovered in libSDL2a in Simple DirectMedia Layer (SDL) 209 There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixelsc(CVE-2019-12222) A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to la ...

A heap-based buffer overflow flaw, in SDL while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code(CVE-2019-14 ...

A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could a ...

CWE-125 https://bugzilla.libsdl.org/show_bug.cgi?id=4538 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html https://usn.ubuntu.com/4156-1/https://usn.ubuntu.com/4156-2/https://access.redhat.com/errata/RHSA-2019:3951 https://access.redhat.com/errata/RHSA-2019:3950 https://usn.ubuntu.com/4238-1/https://access.redhat.com/errata/RHSA-2020:0293 https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html https://security.gentoo.org/glsa/202305-17 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VDNX3RVXTWELBXQDNERNVVKDGKDF2MPB/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940934 https://nvd.nist.gov https://usn.ubuntu.com/4156-2/

Get Started

CVE-2019-13616

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect