Logo
vulnerabilityCVE-2019-7636
Name
CVE-2019-7636
Source
NVD ( link)Debian ( link)
Description
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
CWEs
CWE-125
Published Date
Updated Date
Workaround
-
Advisories
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.htmlMailing List
https://bugzilla.libsdl.org/show_bug.cgi?id=4499Exploit
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00015.htmlMailing List
https://lists.debian.org/debian-lts-announce/2019/03/msg00016.htmlMailing List
https://lists.debian.org/debian-lts-announce/2019/10/msg00020.htmlMailing List
https://lists.debian.org/debian-lts-announce/2019/10/msg00021.htmlMailing List
https://lists.debian.org/debian-lts-announce/2021/01/msg00024.htmlMailing List
https://lists.debian.org/debian-lts-announce/2021/10/msg00032.htmlMailing List
https://security.gentoo.org/glsa/201909-07Third Party Advisory
https://usn.ubuntu.com/4143-1/Third Party Advisory
https://usn.ubuntu.com/4156-1/Third Party Advisory
https://usn.ubuntu.com/4156-2/Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.htmlMailing List
https://bugzilla.libsdl.org/show_bug.cgi?id=4499Exploit
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00015.htmlMailing List
https://lists.debian.org/debian-lts-announce/2019/03/msg00016.htmlMailing List
https://lists.debian.org/debian-lts-announce/2019/10/msg00020.htmlMailing List
https://lists.debian.org/debian-lts-announce/2019/10/msg00021.htmlMailing List
https://lists.debian.org/debian-lts-announce/2021/01/msg00024.htmlMailing List
https://lists.debian.org/debian-lts-announce/2021/10/msg00032.htmlMailing List
https://security.gentoo.org/glsa/201909-07Third Party Advisory
https://usn.ubuntu.com/4143-1/Third Party Advisory
https://usn.ubuntu.com/4156-1/Third Party Advisory
https://usn.ubuntu.com/4156-2/Third Party Advisory

Analysis#

Affected Component
Analysis
libsdl
Exploitable

Vulnerability Ratings#

8.1
CVSSv31
5.8
CVSSv2

Others affected components#

Name
Project
Project Version
Version
Status
sdl
buildroot
2025.02.x
1.2.15
Exploitable
sdl2
buildroot
2025.02.x
2.30.12
Not Affected
sdl
buildroot
master
1.2.15
Exploitable
sdl2
buildroot
master
2.32.10
Not Affected
libsdl
yocto
kirkstone
1.2.15
Exploitable
libsdl2
yocto
kirkstone
2.0.20
Not Affected
libsdl
yocto
scarthgap
1.2.15
Exploitable
libsdl2
yocto
scarthgap
2.30.1
Not Affected