CVE-2019-14906
Last modified
CVE-2019-14906 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. EPSS estimates a 1.75% chance of exploitation in the next 30 days.
Description
A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Libsdl | Simple Directmedia Layer | <= 1.2.15 |
| Libsdl | Simple Directmedia Layer | >= 2.0.0, <= 2.0.9 |
| Redhat | Enterprise Linux | 7.0 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14906Issue Tracking, Patch, Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14906Issue Tracking, Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-14906?
How severe is CVE-2019-14906?
How do I fix CVE-2019-14906?
Are you affected by CVE-2019-14906?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST