CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2019-12216
https://notcve.org/view.php?id=CVE-2019-12216
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. Se detectó un problema en libSDL2.a en Simple DirectMedia Layer (SDL) 2.0.9 cuando se usa junto con libSDL2_image.a en SDL2_image 2.0.4. Hay un desbordamiento de búfer basado en saturación en la función IMG_LoadPCX_RW SDL2_image at IMG_pcx.c. • https://bugzilla.libsdl.org/show_bug.cgi?id=4619 https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW https://usn.ubuntu.com/4238-1 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 1CVE-2019-7637 – SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c
https://notcve.org/view.php?id=CVE-2019-7637
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene un desbordamiento de búfer basado en memoria dinámica (heap) en SDL_FillRect en video/SDL_surface.c. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00081.html https://bugzilla.libsdl.org/show_bug.cgi?id=4497 https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 htt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 15EXPL: 1CVE-2019-7635 – SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c
https://notcve.org/view.php?id=CVE-2019-7635
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de búfer basada en memoria dinámica (heap) en Blit1to4 en video/SDL_blit_1.c. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html https://bugzilla.libsdl.org/show_bug.cgi?id=4498 https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 htt • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.4EPSS: 0%CPEs: 12EXPL: 1CVE-2019-7636 – SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c
https://notcve.org/view.php?id=CVE-2019-7636
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de búfer basada en memoria dinámica (heap) en SDL_GetRGB en video/SDL_pixels.c. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html https://bugzilla.libsdl.org/show_bug.cgi?id=4499 https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html https:/& • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2019-7638 – SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c
https://notcve.org/view.php?id=CVE-2019-7638
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de búfer basada en memoria dinámica (heap) en Map1toN en video/SDL_pixels.c. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html https://bugzilla.libsdl.org/show_bug.cgi?id=4500 https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html https:/& • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •