PT-2019-5619 · Simple Directmedia Layer+6 · Sdl+6

Avital Ostromich

·

Published

2019-02-07

·

Updated

2025-07-03

·

CVE-2019-7637

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions SDL (Simple DirectMedia Layer) versions 1.2.15 and earlier SDL (Simple DirectMedia Layer) versions 2.0.9 and earlier
Description The issue is related to a heap-based buffer overflow in the SDL FillRect function, located in video/SDL surface.c. This can potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations For SDL (Simple DirectMedia Layer) versions 1.2.15 and earlier, update to a version later than 1.2.15 to resolve the issue. For SDL (Simple DirectMedia Layer) versions 2.0.9 and earlier, update to a version later than 2.0.9 to resolve the issue. As a temporary workaround, consider disabling the SDL FillRect function until a patch is available.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2019-2572
ALT-PU-2019-3262
BDU:2020-04719
CESA-2020_3868
CESA-2020_4627
CVE-2019-7637
DLA-1713-1
DLA-1713-2
DLA-1714-1
DLA-1714-2
DLA-2803-1
DLA-2804-1
MGASA-2019-0127
MGASA-2019-0239
OPENSUSE-SU-2019:1223-1
OPENSUSE-SU-2019:1261-1
OPENSUSE-SU-2019:1632-1
OPENSUSE-SU-2019:1633-1
OPENSUSE-SU-2019_1213-1
OPENSUSE-SU-2019_1223-1
OPENSUSE-SU-2019_1261-1
OPENSUSE-SU-2019_1632-1
OPENSUSE-SU-2019_1633-1
OPENSUSE-SU-2024:10606-1
OPENSUSE-SU-2024:13582-1
OPENSUSE-SU-2025:15205-1
OPENSUSE-SU-2025:15206-1
RHSA-2020:3868
RHSA-2020:4627
RHSA-2020_3868
RHSA-2020_4627
SUSE-SU-2019:0899-1
SUSE-SU-2019:0917-1
SUSE-SU-2019:0950-1
SUSE-SU-2019:13998-1
SUSE-SU-2019:1605-1
SUSE-SU-2019_13998-1
SUSE-SU-2019_1605-1
SUSE-SU-2022:14943-1
SUSE-SU-2022_14943-1
USN-4143-1
USN-4156-1
USN-4156-2

Affected Products

Alt Linux
Astra Linux
Centos
Red Hat
Sdl
Suse
Ubuntu