CVE-2019-7636

HIGH

SDL <2.0.10 - Buffer Overflow

Title source: llm

Description

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.

References (18)

Core 18

Core References

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html

Mailing List, Third Party Advisory vendor-advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html

Mailing List, Third Party Advisory vendor-advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html

Mailing List, Third Party Advisory vendor-advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html

Third Party Advisory vendor-advisory

https://security.gentoo.org/glsa/201909-07

Third Party Advisory vendor-advisory

https://usn.ubuntu.com/4143-1/

Third Party Advisory vendor-advisory

https://usn.ubuntu.com/4156-1/

Third Party Advisory vendor-advisory

https://usn.ubuntu.com/4156-2/

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html

Mailing List, Third Party Advisory vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html

Mailing List mailing-list

https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html

Third Party Advisory vendor-advisory

https://security.gentoo.org/glsa/202305-17

Exploit, Issue Tracking, Vendor Advisory

https://bugzilla.libsdl.org/show_bug.cgi?id=4499

Vendor Advisory

https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720

Scores

CVSS v3 8.1

EPSS 0.0969

EPSS Percentile 93.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Details

CWE

CWE-125

Status published

Products (11)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 19.04

debian/debian_linux 8.0

debian/debian_linux 9.0

fedoraproject/fedora 31

libsdl/simple_directmedia_layer < 1.2.15

opensuse/leap 15.0

... and 1 more

Published Feb 08, 2019

Tracked Since Feb 18, 2026