Published: 07/01/2020 Updated: 12/02/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions up to and including 1.2.15 and 2.x up to and including 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an malicious user to make the application crash or execute code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libsdl simple directmedia layer
redhat enterprise linux 7.0

Synopsis Important: SDL security update Type/Severity Security Advisory: Important Topic An update for SDL is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which g ...

A heap-based buffer overflow flaw, in SDL while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code(CVE-2019-14 ...

CWE-125 CWE-787 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14906 https://access.redhat.com/errata/RHSA-2019:4024 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2019-1375.html

CVE-2019-14906

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect