CVE-2019-14906

Published: Jan 7, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.

Affected (3)

Products: Libsdl: Simple Directmedia Layer · Redhat: Enterprise Linux

1 product

Simple Directmedia Layer

1 product

Enterprise Linux

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Libsdl Simple Directmedia Layer	Up to 1.2.15
Libsdl Simple Directmedia Layer	From 2.0.0 to 2.0.9

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14906

Source: secalert@redhat.com

Issue TrackingPatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14906

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

Timeline

No history available yet.