CVE-2019-13616 log

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code.
Group Package Affected Fixed Severity Status Ticket
AVG-890 sdl 1.2.15-10 1.2.15-13 High Fixed
Date Advisory Group Package Severity Description
11 Oct 2019 ASA-201910-8 AVG-890 sdl High arbitrary code execution
References
https://bugzilla.libsdl.org/show_bug.cgi?id=4538
https://hg.libsdl.org/SDL/rev/ad1bbfbca760