Page 2 of 26 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2019-14906 – SDL: not fixed in Red Hat Enterprise Linux 7 erratum RHSA-2019:3950

https://notcve.org/view.php?id=CVE-2019-14906

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code. Se encontró un fallo con la errata de RHSA-2019: 3950, donde no se corrigió la vulnerabilidad SDL CVE-2019-13616. Este problema solo afecta a los paquetes SDL de Red Hat, SDL versiones hasta la versión 1.2.15 y versiones 2.x hasta la versión 2.0.9, tienen un fallo de desbordamiento de búfer en la región heap de la memoria mientras se copia una superficie existente en una nueva optimizada, debido a una falta de comprobación mientras la carga de una imagen BMP, es posible. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14906 https://access.redhat.com/security/cve/CVE-2019-14906 https://bugzilla.redhat.com/show_bug.cgi?id=1777372 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 1

CVE-2019-13616 – SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c

https://notcve.org/view.php?id=CVE-2019-13616

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. hasta 2.0.9, presenta una lectura excesiva del búfer en la región heap de la memoria en BlitNtoN en el archivo video/SDL_blit_N.c cuando es llamado desde SDL_SoftBlit en el archivo video/SDL_blit.c. A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html https://access.redhat.com/errata/RHSA-2019:3950 https:/ • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-12222

https://notcve.org/view.php?id=CVE-2019-12222

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c. Se descubrió un problema en libSDL2.a en Simple DirectMedia Layer (SDL) 2.0.9. Hay una lectura fuera de límites en la función SDL_InvalidateMap at video/SDL_pixels.c. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html https://bugzilla.libsdl.org/show_bug.cgi?id=4621 https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO https://lists.fedoraproject.org/archives/list/package • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1

CVE-2019-12221

https://notcve.org/view.php?id=CVE-2019-12221

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. Se detectó un problema en libSDL2.a en Simple DirectMedia Layer (SDL) 2.0.9 cuando se usa junto con libSDL2_image.a en SDL2_image 2.0.4. Hay un SEGV en la función SDL SDL_free_REAL at stdlib / SDL_malloc.c. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html https://bugzilla.libsdl.org/show_bug.cgi?id=4628 https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO https://lists.fedoraproject.org/archives/list/package • CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2019-12220

https://notcve.org/view.php?id=CVE-2019-12220

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c. Se detectó un problema en libSDL2.a en Simple DirectMedia Layer (SDL) 2.0.9 cuando se usa junto con libSDL2_image.a en SDL2_image 2.0.4. Hay una lectura de fuera de límites en la función SDL_FreePalette_REAL de SDL at video / SDL_pixels.c. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html https://bugzilla.libsdl.org/show_bug.cgi?id=4627 https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO https://lists.fedoraproject.org/archives/list/package • CWE-125: Out-of-bounds Read •