PT-2020-9627 · Sdl+3

Riccardo Schirone · Published 2019-08-29 · Updated 2023-02-12 · CVE-2019-14906

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SDL versions prior to 1.2.15; SDL versions 2.x prior to 2.0.9
Description: A heap-based buffer overflow flaw exists while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image. This issue affects applications that use SDL to parse untrusted input files and could allow an attacker to crash the application or execute code.
Recommendations: For SDL versions prior to 1.2.15, update to a version later than 1.2.15 to resolve the issue. For SDL versions 2.x prior to 2.0.9, update to a version later than 2.0.9 to resolve the issue. As a temporary workaround, consider restricting the use of SDL for parsing untrusted input files until a patch is available.
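As an added defensive example, in the spirit of the workaround above (this is not SDL's code and not the upstream fix): a header consistency check an application can run on an untrusted BMP before handing it to SDL, rejecting files whose declared geometry or palette cannot fit the bytes actually supplied. It assumes a Windows BITMAPINFOHEADER layout and an arbitrary 16384-pixel dimension limit; rd32, wr32, bmp_make and the demo_* functions are helpers invented here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Illustrative pre-check, not SDL's code and not the upstream fix: reject a
 * BMP whose declared geometry does not fit the bytes actually supplied before
 * the file reaches SDL_LoadBMP_RW(). Assumes a Windows BITMAPINFOHEADER and an
 * arbitrary dimension limit. */
#define BMP_MAX_DIM 16384u
static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static void wr32(uint8_t *p, uint32_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24); }
/* Returns 0 when the header is consistent with len, a negative code otherwise. */
int bmp_precheck(const uint8_t *buf, size_t len)
{
    if (len < 54 || buf[0] != 'B' || buf[1] != 'M') return -1;    /* truncated or bad magic */
    uint32_t off_bits = rd32(buf + 10), compress = rd32(buf + 30), clr = rd32(buf + 46);
    int32_t width = (int32_t)rd32(buf + 18), height = (int32_t)rd32(buf + 22);
    uint16_t bpp = (uint16_t)(buf[28] | buf[29] << 8);
    if (off_bits < 54 || off_bits > len) return -2;               /* pixel offset outside the file */
    if (compress != 0) return -3;                                 /* only uncompressed BI_RGB handled */
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32) return -4;
    if (width <= 0 || (uint32_t)width > BMP_MAX_DIM) return -5;
    uint64_t abs_h = height < 0 ? (uint64_t)-(int64_t)height : (uint64_t)height; /* negative = top-down */
    if (abs_h == 0 || abs_h > BMP_MAX_DIM) return -6;
    /* Rows pad to 4 bytes; 64-bit arithmetic so width * bpp cannot wrap around. */
    uint64_t stride = ((uint64_t)width * bpp + 31) / 32 * 4;
    if (stride * abs_h > (uint64_t)(len - off_bits)) return -7;    /* declared pixels exceed data */
    if (bpp <= 8) {                                               /* indexed: palette must fit too */
        if (clr == 0) clr = 1u << bpp;
        if (clr > (1u << bpp) || 14 + (uint64_t)rd32(buf + 14) + 4 * (uint64_t)clr > off_bits) return -8;
    }
    return 0;
}

/* Constructed sample: a 24-bit header with the given geometry and body size. */
static size_t bmp_make(uint8_t *out, int32_t w, int32_t h, size_t body)
{
    memset(out, 0, 54 + body);
    out[0] = 'B'; out[1] = 'M';
    wr32(out + 2, (uint32_t)(54 + body)); wr32(out + 10, 54); wr32(out + 14, 40);
    wr32(out + 18, (uint32_t)w); wr32(out + 22, (uint32_t)h);
    out[26] = 1; out[28] = 24;                                    /* planes = 1, 24 bpp */
    return 54 + body;
}

/* Well-formed 2x2 image; header claiming 4096x4096 over 16 bytes; truncated file. */
int demo_valid(void)     { uint8_t b[70]; return bmp_precheck(b, bmp_make(b, 2, 2, 16)); }
int demo_oversized(void) { uint8_t b[70]; return bmp_precheck(b, bmp_make(b, 4096, 4096, 16)); }
int demo_truncated(void) { uint8_t b[70]; bmp_make(b, 2, 2, 16); return bmp_precheck(b, 30); }
```

A rejected file is simply never passed to SDL; a file that passes is still only header-consistent, so the library update remains the actual fix.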

Fix

Out of bounds Read

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2572
ALT-PU-2019-3262
CESA-2019_4024
CVE-2019-14906
RHSA-2019:4024
RHSA-2019_4024

Affected Products

ALT Linux
CentOS
Red Hat
SDL