Description
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
References (22)
Core 22
Core References
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255/
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VDNX3RVXTWELBXQDNERNVVKDGKDF2MPB/
Third Party Advisory vendor-advisory
https://usn.ubuntu.com/4156-1/
Third Party Advisory vendor-advisory
https://usn.ubuntu.com/4156-2/
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2019:3951
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2019:3950
Third Party Advisory vendor-advisory
https://usn.ubuntu.com/4238-1/
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2020:0293
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202305-17
Exploit, Issue Tracking, Vendor Advisory
https://bugzilla.libsdl.org/show_bug.cgi?id=4538
Scores
CVSS v3
8.1
EPSS
0.0894
EPSS Percentile
92.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (21)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
debian/debian_linux
9.0
debian/debian_linux
10.0
fedoraproject/fedora
29
fedoraproject/fedora
30
fedoraproject/fedora
31
libsdl/simple_directmedia_layer
< 1.2.15
... and 11 more
Published
Jul 16, 2019
Tracked Since
Feb 18, 2026