CVE-2019-14906 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-14906 Interim 1 4 2025-02-17T01:58:19Z current 2023-10-31T00:43:56Z 2025-02-17T01:58:19Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-14906 A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 7 SDL-1.2.15-15.el7_7 SDL-devel-1.2.15-15.el7_7 SDL-static-1.2.15-15.el7_7 SDL-1.2.15-15.el7_7 as a component of SUSE Liberty Linux 7 SDL-devel-1.2.15-15.el7_7 as a component of SUSE Liberty Linux 7 SDL-static-1.2.15-15.el7_7 as a component of SUSE Liberty Linux 7 A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code. CVE-2019-14906 SUSE Liberty Linux 7:SDL-1.2.15-15.el7_7 SUSE Liberty Linux 7:SDL-devel-1.2.15-15.el7_7 SUSE Liberty Linux 7:SDL-static-1.2.15-15.el7_7 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H