CVE-2019-14906

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-14906
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14906.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-14906
Downstream
Published
2020-01-07T21:15:10.417Z
Modified
2026-02-12T07:29:04.932282Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.

References

Affected packages

Git / github.com/libsdl-org/sdl

Affected ranges

Type
GIT
Repo
https://github.com/libsdl-org/sdl
Events
Introduced
1ad936eb29cf4506a7a103e8288d732f23e9c2b0
Last affected
c49ecf6f7c10b668ebd87b89dfc3c7bfd215cb75

Affected versions

release-2.*
release-2.0.0
release-2.0.1
release-2.0.2
release-2.0.3
release-2.0.4
release-2.0.5
release-2.0.6
release-2.0.7
release-2.0.8
release-2.0.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14906.json"