Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-14906

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.

Published

2020-01-07T21:15:10.417

Last Modified

2024-11-21T04:27:39.593

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-125
CWE-787
Type: Secondary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	libsdl	simple_directmedia_layer	≤ 1.2.15	Yes
Application	libsdl	simple_directmedia_layer	≤ 2.0.9	Yes
Operating System	redhat	enterprise_linux	7.0	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14906 Issue Tracking, Patch, Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14906 Issue Tracking, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)