Описание
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code.
Меры по смягчению последствий
If the application accepts untrusted BMP files there is no known mitigation apart from applying the patch.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | SDL | Out of support scope | ||
| Red Hat Enterprise Linux 6 | SDL | Out of support scope | ||
| Red Hat Enterprise Linux 7 | SDL | Fixed | RHSA-2019:3950 | 25.11.2019 |
| Red Hat Enterprise Linux 8 | SDL | Fixed | RHSA-2019:3951 | 25.11.2019 |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | SDL | Fixed | RHSA-2020:0293 | 30.01.2020 |
Показывать по
Дополнительная информация
Статус:
8.1 High
CVSS3
Связанные уязвимости
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...
8.1 High
CVSS3