Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2019-13616

Public on 2019-07-16
Modified on 2019-12-18
Description

A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code.

Severity
Important
See what this means
CVSS v3 Base Score
8.1
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 - Core SDL 2019-12-13 19:38 ALAS2-2019-1375
Amazon Linux 2 - Core SDL2 2019-10-21 18:01 ALAS2-2019-1318

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv2 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P
NVD CVSSv3 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References

Red Hat: CVE-2019-13616 Mitre: CVE-2019-13616 FAQs regarding Amazon Linux ALAS/CVE Severity