CVE-2019-13616: A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.

Affected

29 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	libsdl1.2	< libsdl1.2 1.2.15+dfsg2-5 (bookworm)	libsdl1.2 1.2.15+dfsg2-5 (bookworm)
debian	libsdl2	< libsdl1.2 1.2.15+dfsg2-5 (bookworm)	libsdl1.2 1.2.15+dfsg2-5 (bookworm)
debian	libsdl2-image	< libsdl1.2 1.2.15+dfsg2-5 (bookworm)	libsdl1.2 1.2.15+dfsg2-5 (bookworm)
debian	sdl-image1.2	< libsdl1.2 1.2.15+dfsg2-5 (bookworm)	libsdl1.2 1.2.15+dfsg2-5 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
libsdl	simple_directmedia_layer	<= 1.2.15	—
libsdl	simple_directmedia_layer	2.0.0 – 2.0.9	—
opensuse	backports_sle	—	—
opensuse	leap	—	—
opensuse	leap	—	—
red_hat	sdl	—	—
red_hat	sdl	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv8.1HIGH