CVE-2019-7637Out-of-bounds Write in Simple Directmedia Layer

CWE-787Out-of-bounds WriteCWE-120Classic Buffer Overflow12 documents8 sources
Severity
8.8HIGHNVD
EPSS
3.7%
top 12.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Libsdl Simple Directmedia LayerCanonical Ubuntu LinuxDebian Linux+2 more
Timeline
PublishedFeb 8
Latest updateMay 13

Description

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDlibsdl/simple_directmedia_layer2.0.02.0.9+1
NVDopensuse/leap15.0, 15.1, 42.3+2

Also affects: Debian Linux 8.0, 9.0, Fedora 31, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.04

Patches

Patch: bugzilla.libsdl.orgPatch: bugzilla.libsdl.org

🔴Vulnerability Details

4
GHSA
GHSA-35v5-c7c4-jcvm: SDL (Simple DirectMedia Layer) through 12022-05-13
OSV
SDL 2.0 vulnerabilities2019-09-30
CVEList
CVE-2019-7637: SDL (Simple DirectMedia Layer) through 12019-02-08
OSV
CVE-2019-7637: SDL (Simple DirectMedia Layer) through 12019-02-08

📋Vendor Advisories

5
Ubuntu
SDL vulnerabilities2019-10-16
Ubuntu
SDL vulnerabilities2019-10-15
Ubuntu
SDL 2.0 vulnerabilities2019-09-30
Red Hat
SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c2019-02-07
Debian
CVE-2019-7637: libsdl1.2 - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-b...2019

💬Community

2
Bugzilla
CVE-2019-7637 SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c2019-02-14
Bugzilla
CVE-2019-7637 SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c [fedora-all]2019-02-14
CVE-2019-7637 — Out-of-bounds Write | cvebase