CVE-2019-13616
Severity | High |
Remote | Yes |
Type | Arbitrary code execution |
Description | A heap-based buffer overflow was discovered in the SDL_BlitCopy() function of SDL, which is called while copying an existing surface into a new optimized one. The overflow is due to a lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to crash the application or possibly execute code. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-890 | sdl | 1.2.15-10 | 1.2.15-13 | High | Fixed | |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
11 Oct 2019 | ASA-201910-8 | AVG-890 | sdl | High | arbitrary code execution |
References |
---|
https://bugzilla.libsdl.org/show_bug.cgi?id=4538 |
https://hg.libsdl.org/SDL/rev/ad1bbfbca760 |