Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-14906

Опубликовано: 25 нояб. 2019
Источник: redhat
CVSS3: 8.1
EPSS Низкий

Описание

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. A heap-based buffer overflow flaw, in SDL while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5SDLNot affected
Red Hat Enterprise Linux 6SDLNot affected
Red Hat Enterprise Linux 8SDLNot affected
Red Hat Enterprise Linux 7SDLFixedRHSA-2019:402402.12.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-787
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1777372SDL: not fixed in Red Hat Enterprise Linux 7 erratum RHSA-2019:3950

EPSS

Процентиль: 80%
0.01371
Низкий

8.1 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2019-14906

CVSS3: 9.8
nvd
около 6 лет назад

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.

github логотип

GHSA-2w82-mm6w-3vc9

CVSS3: 9.8
github
больше 3 лет назад

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.

oracle-oval логотип

ELSA-2019-4024

oracle-oval
около 6 лет назад

ELSA-2019-4024: SDL security update (IMPORTANT)

EPSS

Процентиль: 80%
0.01371
Низкий

8.1 High

CVSS3