PT-2019-5618 · Simple Directmedia Layer+6 · Sdl+6

Avital Ostromich

·

Published

2019-02-07

·

Updated

2025-07-03

·

CVE-2019-7636

CVSS v3.1

8.1

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions SDL (Simple DirectMedia Layer) versions 1.2.0 through 1.2.15 SDL (Simple DirectMedia Layer) versions 2.0.0 through 2.0.9
Description The issue is related to a heap-based buffer over-read in the SDL GetRGB function, located in video/SDL pixels.c. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations For versions 1.2.0 through 1.2.15, consider updating to a version that fixes the heap-based buffer over-read issue in the SDL GetRGB function. For versions 2.0.0 through 2.0.9, consider updating to a version that fixes the heap-based buffer over-read issue in the SDL GetRGB function. As a temporary workaround, consider disabling the SDL GetRGB function until a patch is available.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2019-2572
ALT-PU-2019-3262
BDU:2020-04718
CESA-2020_3868
CESA-2020_4627
CVE-2019-7636
DLA-1713-1
DLA-1713-2
DLA-1714-1
DLA-1714-2
DLA-2536-1
DLA-2804-1
DLA-3314-1
MGASA-2019-0239
OPENSUSE-SU-2019:1223-1
OPENSUSE-SU-2019:1261-1
OPENSUSE-SU-2019_1213-1
OPENSUSE-SU-2019_1223-1
OPENSUSE-SU-2019_1261-1
OPENSUSE-SU-2024:10606-1
OPENSUSE-SU-2024:13582-1
OPENSUSE-SU-2025:15205-1
OPENSUSE-SU-2025:15206-1
RHSA-2020:3868
RHSA-2020:4627
RHSA-2020_3868
RHSA-2020_4627
SUSE-SU-2019:0899-1
SUSE-SU-2019:0917-1
SUSE-SU-2019:0950-1
SUSE-SU-2019:13998-1
SUSE-SU-2019_13998-1
USN-4143-1
USN-4156-1
USN-4156-2

Affected Products

Alt Linux
Astra Linux
Centos
Red Hat
Sdl
Suse
Ubuntu