CVE-2019-12220 — Out-of-bounds Read in Sdl2 Image

CWE-125 — Out-of-bounds Read13 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

0.8%

top 26.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libsdl Sdl2 Image Libsdl Simple Directmedia Layer

Timeline

PublishedMay 20

Latest updateMay 24

Description

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDlibsdl/simple_directmedia_layer2.0.9

▶NVDlibsdl/sdl2_image2.0.4

🔴Vulnerability Details

GHSA

GHSA-hrh3-rvrh-p2vg: An issue was discovered in libSDL2↗2022-05-24

▶

OSV

CVE-2019-12220: An issue was discovered in libSDL2↗2019-05-20

▶

CVEList

CVE-2019-12220: An issue was discovered in libSDL2↗2019-05-20

▶

📋Vendor Advisories

Ubuntu

SDL_image vulnerabilities↗2020-01-14

▶

Red Hat

SDL: out-of-bounds read in function SDL_FreePalette_REAL in video/SDL_pixels.c↗2019-05-20

▶

Debian

CVE-2019-12220: libsdl2-image - An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 whe...↗2019

▶

💬Community

Bugzilla

CVE-2019-12220 SDL2: SDL: out-of-bounds read in function SDL_FreePalette_REAL in video/SDL_pixels.c [fedora-all]↗2019-09-16

▶

Bugzilla

CVE-2019-12220 mingw-SDL2: SDL: out-of-bounds read in function SDL_FreePalette_REAL in video/SDL_pixels.c [epel-7]↗2019-09-16

▶

Bugzilla

CVE-2019-12220 mingw-SDL2: SDL: out-of-bounds read in function SDL_FreePalette_REAL in video/SDL_pixels.c [fedora-all]↗2019-09-16

▶

Bugzilla

CVE-2019-12220 SDL2: SDL: out-of-bounds read in function SDL_FreePalette_REAL in video/SDL_pixels.c [epel-7]↗2019-09-16

▶

Bugzilla

CVE-2019-12220 SDL: out-of-bounds read in function SDL_FreePalette_REAL in video/SDL_pixels.c↗2019-07-23

▶