CVE-2019-12221 — Out-of-bounds Write in Sdl2 Image
Severity
6.5 MEDIUM (NVD)
EPSS
2.1%
top 16.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 20
Latest update: May 24
Description
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6
Affected Packages: 4 packages
Also affects: Debian Linux 8.0, Fedora 29, 31, Ubuntu Linux 16.04, 18.04
Vulnerability Details: 3
Vendor Advisories: 3
Community: 6
Bugzilla: CVE-2019-12221 SDL2: SDL: null-pointer dereference in function SDL_free_REAL in stdlib/SDL_malloc.c [epel-7] (2019-09-16)
Bugzilla: CVE-2019-12221 SDL2: SDL: null-pointer dereference in function SDL_free_REAL in stdlib/SDL_malloc.c [fedora-all] (2019-09-16)
Bugzilla: CVE-2019-12221 mingw-SDL2: SDL: null-pointer dereference in function SDL_free_REAL in stdlib/SDL_malloc.c [epel-7] (2019-09-16)
Bugzilla: CVE-2019-12221 mingw-SDL2: SDL: null-pointer dereference in function SDL_free_REAL in stdlib/SDL_malloc.c [fedora-all] (2019-09-16)
Bugzilla: CVE-2019-12221 SDL: null-pointer dereference in function SDL_free_REAL in stdlib/SDL_malloc.c (2019-07-23)