PT-2019-5617 · Simple Directmedia Layer+6 · Sdl+6

Avital Ostromich

·

Published

2019-02-07

·

Updated

2025-07-03

·

CVE-2019-7635

CVSS v3.1

8.1

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions SDL (Simple DirectMedia Layer) versions 1.2.15 and earlier SDL (Simple DirectMedia Layer) versions 2.x through 2.0.9
Description The issue is related to a heap-based buffer over-read in the Blit1to4 function located in video/SDL blit 1.c of the Simple DirectMedia Layer library. This could potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations For SDL (Simple DirectMedia Layer) versions 1.2.15 and earlier, update to a version later than 1.2.15. For SDL (Simple DirectMedia Layer) versions 2.x through 2.0.9, update to a version later than 2.0.9. As a temporary workaround, consider disabling the Blit1to4 function in video/SDL blit 1.c until a patch is available.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2019-2572
ALT-PU-2019-3262
BDU:2020-04717
CESA-2020_3868
CESA-2020_4627
CVE-2019-7635
DLA-1713-1
DLA-1713-2
DLA-1714-1
DLA-1714-2
DLA-1861-1
DLA-1865-1
DLA-2536-1
DLA-2804-1
DLA-3314-1
MGASA-2019-0127
MGASA-2019-0239
MGASA-2019-0363
OPENSUSE-SU-2019:1223-1
OPENSUSE-SU-2019:1261-1
OPENSUSE-SU-2019:2071-1
OPENSUSE-SU-2019:2109-1
OPENSUSE-SU-2019_1213-1
OPENSUSE-SU-2019_1223-1
OPENSUSE-SU-2019_1261-1
OPENSUSE-SU-2019_2071-1
OPENSUSE-SU-2024:10606-1
OPENSUSE-SU-2024:10607-1
OPENSUSE-SU-2024:10609-1
OPENSUSE-SU-2025:15205-1
OPENSUSE-SU-2025:15206-1
RHSA-2020:3868
RHSA-2020:4627
RHSA-2020_3868
RHSA-2020_4627
SUSE-SU-2019:0899-1
SUSE-SU-2019:0917-1
SUSE-SU-2019:0950-1
SUSE-SU-2019:13998-1
SUSE-SU-2019_13998-1
USN-4143-1
USN-4156-1
USN-4156-2
USN-4238-1

Affected Products

Alt Linux
Astra Linux
Centos
Red Hat
Sdl
Suse
Ubuntu