Denial of service in Simple Direct Media Layer

Published: 2019-02-14 13:59:02
Severity Low
Patch available NO
Number of vulnerabilities 11
CVE ID CVE-2019-7636
CVE-2019-7635
CVE-2019-7573
CVE-2019-7572
CVE-2019-7577
CVE-2019-7638
CVE-2019-7637
CVE-2019-7574
CVE-2019-7576
CVE-2019-7575
CVE-2019-7578
CVSSv3 6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C]
6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C]
6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C]
6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C]
6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C]
6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C]
6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C]
6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C]
6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C]
6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C]
6.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C]
CWE ID CWE-125
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #4 is available.
Public exploit code for vulnerability #5 is available.
Public exploit code for vulnerability #6 is available.
Public exploit code for vulnerability #7 is available.
Public exploit code for vulnerability #8 is available.
Public exploit code for vulnerability #9 is available.
Public exploit code for vulnerability #10 is available.
Public exploit code for vulnerability #11 is available.
Vulnerable software Simple DirectMedia Layer
Vulnerable software versions Simple DirectMedia Layer 2.0.9
Simple DirectMedia Layer 2.0.8
Simple DirectMedia Layer 2.0.7

Show more

Vendor URL zlib license

Security Advisory

1) Heap out-of-bounds read

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read condition in the SDL_GetRGB function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.

Remediation

Cybersecurity Help is currently unaware of any official solution to address the vulnerability.

External links

https://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720

2) Heap out-of-bounds read

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read condition in the Blit1to4 function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.

Remediation

Cybersecurity Help is currently unaware of any official solution to address the vulnerability.

External links

https://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720

3) Heap out-of-bounds read

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read condition in the InitMS_ADPCM function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.

Remediation

Cybersecurity Help is currently unaware of any official solution to address the vulnerability.

External links

https://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720

4) Heap out-of-bounds read

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read condition in the IMA_ADPCM_nibble function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.

Remediation

Cybersecurity Help is currently unaware of any official solution to address the vulnerability.

External links

https://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720

5) Heap out-of-bounds read

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read condition in the SDL_LoadWAV_RW function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.

Remediation

Cybersecurity Help is currently unaware of any official solution to address the vulnerability.

External links

https://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720

6) Heap out-of-bounds read

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read condition in the Map1toN function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.

Remediation

Cybersecurity Help is currently unaware of any official solution to address the vulnerability.

External links

https://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720

7) Heap out-of-bounds read

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read condition in the SDL_FillRect function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.

Remediation

Cybersecurity Help is currently unaware of any official solution to address the vulnerability.

External links

https://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720

8) Heap out-of-bounds read

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read condition in the IMA_ADPCM_decode function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.

Remediation

Cybersecurity Help is currently unaware of any official solution to address the vulnerability.

External links

https://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720

9) Heap out-of-bounds read

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read condition in the InitMS_ADPCM function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.

Remediation

Cybersecurity Help is currently unaware of any official solution to address the vulnerability.

External links

https://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720

10) Heap out-of-bounds read

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read condition in the MS_ADPCM_decode function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.

Remediation

Cybersecurity Help is currently unaware of any official solution to address the vulnerability.

External links

https://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720

11) Heap out-of-bounds read

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read condition in the in the InitlMA_ADPCM function. A remote attacker can trick the victim into accessing a crafted image file and perform a denial of service attack.

Remediation

Cybersecurity Help is currently unaware of any official solution to address the vulnerability.

External links

https://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720

Back to List