CVE-2019-14906Out-of-bounds Write in Simple Directmedia Layer

CWE-787Out-of-bounds WriteCWE-125Out-of-bounds ReadCWE-131Incorrect Calculation of Buffer Size5 documents5 sources
Severity
9.8CRITICALNVD
CNA8.1
EPSS
1.1%
top 22.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Libsdl Simple Directmedia LayerRED HAT SDLRedhat Enterprise Linux
Timeline
PublishedJan 7
Latest updateMay 24

Description

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDlibsdl/simple_directmedia_layer2.0.02.0.9+1
CVEListV5red_hat/sdlall SDL versions 2.x through 2.0.9, all SDL versions through 1.2.15+1

Also affects: Enterprise Linux 7.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-2w82-mm6w-3vc9: A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability2022-05-24
CVEList
CVE-2019-14906: A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability2020-01-07

📋Vendor Advisories

1
Red Hat
SDL: not fixed in Red Hat Enterprise Linux 7 erratum RHSA-2019:39502019-11-25

💬Community

1
Bugzilla
CVE-2019-14906 SDL: CVE-2019-13616 not fixed in Red Hat Enterprise Linux 7 erratum RHSA-2019:39502019-11-27
CVE-2019-14906 — Out-of-bounds Write | cvebase