| Severity | Low |
| Patch available | NO |
| Number of vulnerabilities | 11 |
| CVE ID | CVE-2019-7636 CVE-2019-7635 CVE-2019-7573 CVE-2019-7572 CVE-2019-7577 CVE-2019-7638 CVE-2019-7637 CVE-2019-7574 CVE-2019-7576 CVE-2019-7575 CVE-2019-7578 |
| CVSSv3 |
6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C] |
| CWE ID |
CWE-125 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #9 is available. Public exploit code for vulnerability #10 is available. Public exploit code for vulnerability #11 is available. |
| Vulnerable software |
Simple DirectMedia Layer |
| Vulnerable software versions |
Simple DirectMedia Layer 2.0.9 Simple DirectMedia Layer 2.0.8 Simple DirectMedia Layer 2.0.7 Show more |
| Vendor URL | zlib license |
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the SDL_GetRGB function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
RemediationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
External linkshttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the Blit1to4 function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
RemediationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
External linkshttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the InitMS_ADPCM function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
RemediationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
External linkshttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the IMA_ADPCM_nibble function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
RemediationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
External linkshttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the SDL_LoadWAV_RW function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
RemediationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
External linkshttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the Map1toN function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
RemediationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
External linkshttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the SDL_FillRect function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
RemediationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
External linkshttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the IMA_ADPCM_decode function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
RemediationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
External linkshttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the InitMS_ADPCM function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
RemediationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
External linkshttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the MS_ADPCM_decode function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
RemediationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
External linkshttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read condition in the in the InitlMA_ADPCM function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.
RemediationCybersecurity Help is currently unaware of any official solution to address the vulnerability.
External linkshttps://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720