CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-14906

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1710%
EPSS Percentile19.70th
Published2020年1月7日
Last Modified2024年11月21日

Vulnerability Description

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.

Affected Platforms (CPE)

📦
Libsdl

Simple Directmedia Layer

<= 1.2.15
📦
Libsdl

Simple Directmedia Layer

>= 2.0.0 and <= 2.0.9
💻
Redhat

Enterprise Linux

= 7.0

References & Advisories

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14906
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14906

相关漏洞威胁

CVE-2019-75738.8

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL...

CVE-2018-38398.8

An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image...

CVE-2019-75728.8

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c...

CVE-2019-75748.8

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio...