Vulnerability - CVE-2019-13616

Name

CVE-2019-13616

Source

NVD ( link)Debian ( link)

Description

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

CWEs

CWE-125

Published Date

Jul 16, 2019

Updated Date

Jun 17, 2026

Workaround

Advisories

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.htmlMailing List

https://access.redhat.com/errata/RHSA-2019:3950Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3951Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0293Third Party Advisory

https://bugzilla.libsdl.org/show_bug.cgi?id=4538Exploit

https://lists.debian.org/debian-lts-announce/2021/01/msg00024.htmlMailing List

https://lists.debian.org/debian-lts-announce/2021/10/msg00032.htmlMailing List

https://lists.debian.org/debian-lts-announce/2023/02/msg00008.htmlMailing List

https://usn.ubuntu.com/4156-1/Third Party Advisory

https://usn.ubuntu.com/4156-2/Third Party Advisory

https://usn.ubuntu.com/4238-1/Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.htmlMailing List

https://access.redhat.com/errata/RHSA-2019:3950Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3951Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0293Third Party Advisory

https://bugzilla.libsdl.org/show_bug.cgi?id=4538Exploit

https://lists.debian.org/debian-lts-announce/2021/01/msg00024.htmlMailing List

https://lists.debian.org/debian-lts-announce/2021/10/msg00032.htmlMailing List

https://lists.debian.org/debian-lts-announce/2023/02/msg00008.htmlMailing List

https://usn.ubuntu.com/4156-1/Third Party Advisory

https://usn.ubuntu.com/4156-2/Third Party Advisory

https://usn.ubuntu.com/4238-1/Third Party Advisory

Analysis#

Affected Component

Analysis

libsdl

Exploitable

Vulnerability Ratings#

8.1

CVSSv31

5.8

CVSSv2

Others affected components#

Name

Project

Project Version

Version

Status

sdl

buildroot

2025.02.x

1.2.15

Exploitable

sdl2

buildroot

2025.02.x

2.30.12

Not Affected

sdl

buildroot

master

1.2.15

Exploitable

sdl2

buildroot

master

2.32.10

Not Affected

libsdl

yocto

master

1.2.15

Exploitable

libsdl2

yocto

master

2.32.10

Not Affected

libsdl

yocto

scarthgap

1.2.15

Exploitable

libsdl2

yocto

scarthgap

2.30.1

Not Affected