CVE-2019-7637

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.

References

https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720

https://bugzilla.libsdl.org/show_bug.cgi?id=4497

https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html

https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00081.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00071.html

https://usn.ubuntu.com/4143-1/

https://usn.ubuntu.com/4156-1/

https://usn.ubuntu.com/4156-2/

https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html

https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/

https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html

https://lists.debian.org/debian-lts-announce/2021/10/msg00031.html

Details

Source: MITRE

Published: 2019-02-08

Updated: 2021-11-30

Type: CWE-787

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:* versions from 2.0.0 to 2.0.9 (inclusive)

cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:* versions up to 1.2.15 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Tenable Plugins

View all (34 total)

IDNameProductFamilySeverity
154753Debian DLA-2804-1 : libsdl1.2 - LTS security updateNessusDebian Local Security Checks
high
154751Debian DLA-2803-1 : libsdl2 - LTS security updateNessusDebian Local Security Checks
high
154584NewStart CGSL CORE 5.05 / MAIN 5.05 : SDL Multiple Vulnerabilities (NS-SA-2021-0168)NessusNewStart CGSL Local Security Checks
high
147263NewStart CGSL MAIN 6.02 : SDL Multiple Vulnerabilities (NS-SA-2021-0077)NessusNewStart CGSL Local Security Checks
high
147259NewStart CGSL CORE 5.04 / MAIN 5.04 : SDL Multiple Vulnerabilities (NS-SA-2021-0042)NessusNewStart CGSL Local Security Checks
high
146035CentOS 8 : SDL (CESA-2020:4627)NessusCentOS Local Security Checks
high
143077RHEL 7 : SDL (RHSA-2020:3868)NessusRed Hat Local Security Checks
high
142805Oracle Linux 8 : SDL (ELSA-2020-4627)NessusOracle Linux Local Security Checks
high
142387RHEL 8 : SDL (RHSA-2020:4627)NessusRed Hat Local Security Checks
high
141985Amazon Linux 2 : SDL (ALAS-2020-1500)NessusAmazon Linux Local Security Checks
high
141691Scientific Linux Security Update : SDL on SL7.x x86_64 (20201001)NessusScientific Linux Local Security Checks
high
141585CentOS 7 : SDL (CESA-2020:3868)NessusCentOS Local Security Checks
high
141228Oracle Linux 7 : SDL (ELSA-2020-3868)NessusOracle Linux Local Security Checks
high
133882Fedora 31 : mingw-SDL (2020-24652fe41c)NessusFedora Local Security Checks
high
129968Ubuntu 16.04 LTS / 18.04 LTS : SDL vulnerabilities (USN-4156-1)NessusUbuntu Local Security Checks
high
129489Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : SDL 2.0 vulnerabilities (USN-4143-1)NessusUbuntu Local Security Checks
high
126325openSUSE Security Update : SDL2 (openSUSE-2019-1633)NessusSuSE Local Security Checks
high
126324openSUSE Security Update : SDL2 (openSUSE-2019-1632)NessusSuSE Local Security Checks
high
126159SUSE SLED15 / SLES15 Security Update : SDL2 (SUSE-SU-2019:1605-1)NessusSuSE Local Security Checks
high
124793EulerOS Virtualization 3.0.1.0 : SDL (EulerOS-SA-2019-1469)NessusHuawei Local Security Checks
high
124629EulerOS 2.0 SP3 : SDL (EulerOS-SA-2019-1343)NessusHuawei Local Security Checks
high
124267openSUSE Security Update : SDL2 (openSUSE-2019-1261)NessusSuSE Local Security Checks
high
124144openSUSE Security Update : SDL (openSUSE-2019-1223)NessusSuSE Local Security Checks
high
124106openSUSE Security Update : SDL (openSUSE-2019-1213)NessusSuSE Local Security Checks
high
124083SUSE SLED15 / SLES15 Security Update : SDL2 (SUSE-SU-2019:0950-1)NessusSuSE Local Security Checks
high
123968SUSE SLED15 / SLES15 Security Update : SDL (SUSE-SU-2019:0917-1)NessusSuSE Local Security Checks
high
123925SUSE SLED12 / SLES12 Security Update : SDL (SUSE-SU-2019:0899-1)NessusSuSE Local Security Checks
high
123625EulerOS 2.0 SP5 : SDL (EulerOS-SA-2019-1151)NessusHuawei Local Security Checks
high
123600EulerOS 2.0 SP2 : SDL (EulerOS-SA-2019-1126)NessusHuawei Local Security Checks
high
123553SUSE SLES11 Security Update : SDL (SUSE-SU-2019:13998-1)NessusSuSE Local Security Checks
high
122829Debian DLA-1714-2 : libsdl2 regression updateNessusDebian Local Security Checks
high
122828Debian DLA-1713-2 : libsdl1.2 regression updateNessusDebian Local Security Checks
high
122561Fedora 28 : SDL (2019-6092f8c0dc)NessusFedora Local Security Checks
high
122439Fedora 29 : SDL (2019-7a554204c1)NessusFedora Local Security Checks
high