CVE-2019-14906
SDL: not fixed in Red Hat Enterprise Linux 7 erratum RHSA-2019:3950
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.
Se encontró un fallo con la errata de RHSA-2019: 3950, donde no se corrigió la vulnerabilidad SDL CVE-2019-13616. Este problema solo afecta a los paquetes SDL de Red Hat, SDL versiones hasta la versión 1.2.15 y versiones 2.x hasta la versión 2.0.9, tienen un fallo de desbordamiento de búfer en la región heap de la memoria mientras se copia una superficie existente en una nueva optimizada, debido a una falta de comprobación mientras la carga de una imagen BMP, es posible. Una aplicación que usa SDL para analizar archivos de entrada no confiables puede ser vulnerable a este fallo, lo que podría permitir a un atacante hacer que la aplicación se bloquee o ejecute código.
A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. A heap-based buffer overflow flaw, in SDL while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-10 CVE Reserved
- 2019-12-02 CVE Published
- 2024-02-16 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
- CWE-787: Out-of-bounds Write
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14906 | 2023-02-12 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2019-14906 | 2019-12-02 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1777372 | 2019-12-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Libsdl Search vendor "Libsdl" | Simple Directmedia Layer Search vendor "Libsdl" for product "Simple Directmedia Layer" | <= 1.2.15 Search vendor "Libsdl" for product "Simple Directmedia Layer" and version " <= 1.2.15" | - |
Affected
| ||||||
Libsdl Search vendor "Libsdl" | Simple Directmedia Layer Search vendor "Libsdl" for product "Simple Directmedia Layer" | >= 2.0.0 <= 2.0.9 Search vendor "Libsdl" for product "Simple Directmedia Layer" and version " >= 2.0.0 <= 2.0.9" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
|