CVE-2019-13616 — Out-of-bounds Read in Simple Directmedia Layer
Severity
8.1HIGHNVD
EPSS
6.9%
top 8.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 16
Latest updateMay 24
Description
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2
Affected Packages7 packages
Also affects: Debian Linux 10.0, 9.0, Fedora 29, 30, 31, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, Enterprise Linux 8.0, 7.7, 8.1
🔴Vulnerability Details
3📋Vendor Advisories
6💬Community
7Bugzilla▶
CVE-2019-14906 SDL: CVE-2019-13616 not fixed in Red Hat Enterprise Linux 7 erratum RHSA-2019:3950↗2019-11-27
Bugzilla▶
CVE-2019-13616 mingw-SDL2: SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c [epel-7]↗2019-09-20
Bugzilla▶
CVE-2019-13616 SDL2: SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c [epel-7]↗2019-09-20
Bugzilla▶
CVE-2019-13616 SDL2: SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c [fedora-all]↗2019-09-20
Bugzilla▶
CVE-2019-13616 mingw-SDL2: SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c [fedora-all]↗2019-09-20