CVE-2019-13616

high

Description

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

References

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html

https://access.redhat.com/errata/RHSA-2019:3950

https://access.redhat.com/errata/RHSA-2019:3951

https://access.redhat.com/errata/RHSA-2020:0293

https://bugzilla.libsdl.org/show_bug.cgi?id=4538

https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/

https://lists.fedoraproject.org/archives/list/[email protected]/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/

https://lists.fedoraproject.org/archives/list/[email protected]/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2/

https://lists.fedoraproject.org/archives/list/[email protected]/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255/

https://lists.fedoraproject.org/archives/list/[email protected]/message/VDNX3RVXTWELBXQDNERNVVKDGKDF2MPB/

https://usn.ubuntu.com/4156-1/

https://usn.ubuntu.com/4156-2/

https://usn.ubuntu.com/4238-1/

Details

Source: MITRE

Published: 2019-07-16

Updated: 2021-04-05

Type: CWE-125

Risk Information

CVSS v2

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Impact Score: 5.2

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins


| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 145772 | Debian DLA-2536-1 : libsdl2 security update | Nessus | Debian Local Security Checks | high |
| 145604 | CentOS 8 : SDL (CESA-2019:3951) | Nessus | CentOS Local Security Checks | high |
| 143776 | SUSE SLED15 / SLES15 Security Update : SDL (SUSE-SU-2020:3261-1) | Nessus | SuSE Local Security Checks | high |
| 143771 | SUSE SLES12 Security Update : SDL (SUSE-SU-2020:3030-1) | Nessus | SuSE Local Security Checks | high |
| 143179 | openSUSE Security Update : SDL (openSUSE-2020-1990) | Nessus | SuSE Local Security Checks | high |
| 142942 | openSUSE Security Update : SDL (openSUSE-2020-1916) | Nessus | SuSE Local Security Checks | high |
| 138249 | SUSE SLED15 / SLES15 Security Update : SDL2 (SUSE-SU-2019:2463-2) | Nessus | SuSE Local Security Checks | high |
| 137959 | EulerOS Virtualization 3.0.6.0 : SDL (EulerOS-SA-2020-1740) | Nessus | Huawei Local Security Checks | high |
| 133882 | Fedora 31 : mingw-SDL (2020-24652fe41c) | Nessus | Fedora Local Security Checks | high |
| 133587 | Fedora 31 : mingw-SDL2 (2020-ff2fe47ba4) | Nessus | Fedora Local Security Checks | high |
| 133385 | RHEL 8 : SDL (RHSA-2020:0293) | Nessus | Red Hat Local Security Checks | high |
| 132933 | Ubuntu 16.04 LTS / 18.04 LTS : SDL_image vulnerabilities (USN-4238-1) | Nessus | Ubuntu Local Security Checks | high |
| 132263 | Amazon Linux 2 : SDL (ALAS-2019-1375) | Nessus | Amazon Linux Local Security Checks | critical |
| 131860 | EulerOS 2.0 SP2 : SDL (EulerOS-SA-2019-2368) | Nessus | Huawei Local Security Checks | high |
| 131679 | Scientific Linux Security Update : SDL on SL7.x x86_64 (20191202) | Nessus | Scientific Linux Local Security Checks | critical |
| 131373 | Oracle Linux 8 : SDL (ELSA-2019-3951) | Nessus | Oracle Linux Local Security Checks | high |
| 131299 | RHEL 8 : SDL (RHSA-2019:3951) | Nessus | Red Hat Local Security Checks | high |
| 131298 | RHEL 7 : SDL (RHSA-2019:3950) | Nessus | Red Hat Local Security Checks | high |
| 130827 | EulerOS 2.0 SP8 : SDL2 (EulerOS-SA-2019-2118) | Nessus | Huawei Local Security Checks | high |
| 130826 | EulerOS 2.0 SP8 : SDL (EulerOS-SA-2019-2117) | Nessus | Huawei Local Security Checks | high |
| 130703 | EulerOS 2.0 SP3 : SDL (EulerOS-SA-2019-2241) | Nessus | Huawei Local Security Checks | high |
| 130649 | EulerOS 2.0 SP5 : SDL (EulerOS-SA-2019-2187) | Nessus | Huawei Local Security Checks | high |
| 130215 | Amazon Linux 2 : SDL2 (ALAS-2019-1318) | Nessus | Amazon Linux Local Security Checks | high |
| 129968 | Ubuntu 16.04 LTS / 18.04 LTS : SDL vulnerabilities (USN-4156-1) | Nessus | Ubuntu Local Security Checks | high |
| 129802 | Fedora 29 : SDL2 (2019-8ef33a69ca) | Nessus | Fedora Local Security Checks | high |
| 129658 | Fedora 31 : SDL (2019-f5558abfef) | Nessus | Fedora Local Security Checks | high |
| 129486 | openSUSE Security Update : SDL2 (openSUSE-2019-2226) | Nessus | SuSE Local Security Checks | high |
| 129484 | openSUSE Security Update : SDL2 (openSUSE-2019-2224) | Nessus | SuSE Local Security Checks | high |
| 129383 | SUSE SLED15 / SLES15 Security Update : SDL2 (SUSE-SU-2019:2463-1) | Nessus | SuSE Local Security Checks | high |
| 128582 | Fedora 29 : SDL (2019-e08f78d4a6) | Nessus | Fedora Local Security Checks | high |
| 128565 | Fedora 30 : SDL (2019-446ca9f695) | Nessus | Fedora Local Security Checks | high |
| 128540 | openSUSE Security Update : SDL_image (openSUSE-2019-2071) | Nessus | SuSE Local Security Checks | high |
| 128539 | openSUSE Security Update : SDL2_image (openSUSE-2019-2070) | Nessus | SuSE Local Security Checks | high |