Lucene search

[email protected]CVE-2019-7635

HistoryFeb 08, 2019 - 11:29 a.m.

CVE-2019-7635

2019-02-0811:29:00

CWE-125

[email protected]

web.nvd.nist.gov

196

cve-2019-7635

sdl

simple directmedia layer

buffer over-read

nvd

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

8.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.6%

JSON

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.

Affected configurations

NVD

Node

libsdlsimple_directmedia_layerRange≤1.2.15

libsdlsimple_directmedia_layerRange2.0.0–2.0.9

Node

opensusebackports_sleMatch15.0-

opensusebackports_sleMatch15.0sp1

opensuseleapMatch15.0

opensuseleapMatch15.1

opensuseleapMatch42.3

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

fedoraprojectfedoraMatch31

Node

canonicalubuntu_linuxMatch12.04-

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.04

CPENameOperatorVersion
libsdl:simple_directmedia_layerlibsdl simple directmedia layerle1.2.15
libsdl:simple_directmedia_layerlibsdl simple directmedia layerle2.0.9

CPE	Name	Operator	Version
libsdl:simple_directmedia_layer	libsdl simple directmedia layer	le	1.2.15
libsdl:simple_directmedia_layer	libsdl simple directmedia layer	le	2.0.9

References

lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html

lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html

lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html

bugzilla.libsdl.org/show_bug.cgi?id=4498

discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720

lists.debian.org/debian-lts-announce/2019/03/msg00015.html

lists.debian.org/debian-lts-announce/2019/03/msg00016.html

lists.debian.org/debian-lts-announce/2019/07/msg00021.html

lists.debian.org/debian-lts-announce/2019/07/msg00026.html

lists.debian.org/debian-lts-announce/2019/10/msg00020.html

lists.debian.org/debian-lts-announce/2019/10/msg00021.html

lists.debian.org/debian-lts-announce/2021/01/msg00024.html

lists.debian.org/debian-lts-announce/2021/10/msg00032.html

lists.debian.org/debian-lts-announce/2023/02/msg00008.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/

security.gentoo.org/glsa/201909-07

security.gentoo.org/glsa/202305-17

usn.ubuntu.com/4143-1/

usn.ubuntu.com/4156-1/

usn.ubuntu.com/4156-2/

usn.ubuntu.com/4238-1/

Social References

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

8.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.6%

JSON

Related for CVE-2019-7635

ubuntucve1 debiancve1 veracode1 alpinelinux1 cvelist1 prion1 osv8 nvd1 redhatcve1 ubuntu4 openvas32 nessus42 suse5 debian9 archlinux2 oraclelinux2 redhat2 centos1 fedora6 amazon1 mageia3 gentoo2 almalinux1