| Severity | Medium |
| Patch available | NO |
| Number of vulnerabilities | 20 |
| CVE ID | CVE-2019-7636 CVE-2019-7635 CVE-2019-7573 CVE-2019-7572 CVE-2019-7577 CVE-2019-7638 CVE-2019-7637 CVE-2019-7574 CVE-2019-7576 CVE-2019-7575 CVE-2019-7578 CVE-2019-12221 CVE-2019-12219 CVE-2019-12222 CVE-2019-12220 CVE-2019-12218 CVE-2019-12217 CVE-2019-12216 CVE-2019-13626 CVE-2019-13616 |
| CWE ID | CWE-125 CWE-119 CWE-476 CWE-122 CWE-190 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #9 is available. Public exploit code for vulnerability #10 is available. Public exploit code for vulnerability #11 is available. Public exploit code for vulnerability #12 is available. Public exploit code for vulnerability #13 is available. Public exploit code for vulnerability #14 is available. Public exploit code for vulnerability #15 is available. Public exploit code for vulnerability #16 is available. Public exploit code for vulnerability #17 is available. Public exploit code for vulnerability #18 is available. Public exploit code for vulnerability #19 is available. Public exploit code for vulnerability #20 is available. |
| Vulnerable software |
Simple DirectMedia Layer Subscribe
|
| Vendor | zlib license |
Severity: Low
CVSSv3: 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-7636
CWE-ID:
CWE-125 - Out-of-bounds Read
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the SDL_GetRGB function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
MitigationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Low
CVSSv3: 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-7635
CWE-ID:
CWE-125 - Out-of-bounds Read
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the Blit1to4 function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
MitigationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Low
CVSSv3: 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-7573
CWE-ID:
CWE-125 - Out-of-bounds Read
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the InitMS_ADPCM function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
MitigationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Low
CVSSv3: 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-7572
CWE-ID:
CWE-125 - Out-of-bounds Read
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the IMA_ADPCM_nibble function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
MitigationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Low
CVSSv3: 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-7577
CWE-ID:
CWE-125 - Out-of-bounds Read
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the SDL_LoadWAV_RW function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
MitigationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Low
CVSSv3: 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-7638
CWE-ID:
CWE-125 - Out-of-bounds Read
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the Map1toN function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
MitigationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Low
CVSSv3: 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-7637
CWE-ID:
CWE-125 - Out-of-bounds Read
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the SDL_FillRect function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
MitigationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Low
CVSSv3: 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-7574
CWE-ID:
CWE-125 - Out-of-bounds Read
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the IMA_ADPCM_decode function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
MitigationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Low
CVSSv3: 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-7576
CWE-ID:
CWE-125 - Out-of-bounds Read
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the InitMS_ADPCM function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
MitigationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Low
CVSSv3: 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-7575
CWE-ID:
CWE-125 - Out-of-bounds Read
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the MS_ADPCM_decode function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
MitigationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Low
CVSSv3: 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-7578
CWE-ID:
CWE-125 - Out-of-bounds Read
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the in the InitlMA_ADPCM function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
MitigationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Low
CVSSv3: 4.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-12221
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error when processing images in the SDL_free_REAL() function at stdlib/SDL_malloc.c. A remote attacker can create a specially crafted image, trick the victim into opening it, trigger memory corruption and perform a denial of service (DoS) attack.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4628
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Low
CVSSv3: 4.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-12219
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error when processing images in the SDL_SetError_REAL() function in SDL_error.c. A remote attacker can create a specially crafted image, trick the victim into opening it, trigger memory corruption and perform a denial of service (DoS) attack.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4625
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Medium
CVSSv3: 4.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-12222
CWE-ID:
CWE-125 - Out-of-bounds Read
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to an out-of-bounds read in libSDL2.a due to an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4621
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Low
CVSSv3: 4.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-12220
CWE-ID:
CWE-125 - Out-of-bounds Read
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to an out-of-bounds read in libSDL2.a due to an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4627
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Low
CVSSv3: 4.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-12218
CWE-ID:
CWE-476 - NULL Pointer Dereference
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error in SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. A remote attacker can perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4620
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Low
CVSSv3: 4.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-12217
CWE-ID:
CWE-476 - NULL Pointer Dereference
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error in SDL stdio_read function in file/SDL_rwops.c. A remote attacker can perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4626
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Medium
CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-12216
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when #CONDITION#. A remote attacker can #CONDITION#, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4619
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Medium
CVSSv3: 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-13626
CWE-ID:
CWE-190 - Integer Overflow or Wraparound
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4522
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Medium
CVSSv3: 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] [PCI]
CVE-ID: CVE-2019-13616
CWE-ID:
CWE-125 - Out-of-bounds Read
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the "BlitNtoN" function in the "video/SDL_blit_N.c" file when called from the "SDL_SoftBlit" function in the "video/SDL_blit.c" file. A remote attacker can trick a victim to open a specially crafted file and perform a denial of service attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsSimple DirectMedia Layer: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9
CPEhttps://bugzilla.libsdl.org/show_bug.cgi?id=4538
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.