CVE-2019-7635 - Vulnerability Details

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Fedoraproject	Fedora
Libsdl	Simple Directmedia Layer
Opensuse	Backports Sle Leap
Redhat	Enterprise Linux

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
SDL-0:1.2.15-17.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:3868	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 8
SDL-0:1.2.15-38.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4627	2020-11-04T00:00:00Z

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html
https://bugzilla.libsdl.org/show_bug.cgi?id=4498
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html
https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html
https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/
https://nvd.nist.gov/vuln/detail/CVE-2019-7635
https://security.gentoo.org/glsa/201909-07
https://security.gentoo.org/glsa/202305-17
https://usn.ubuntu.com/4143-1/
https://usn.ubuntu.com/4156-1/
https://usn.ubuntu.com/4156-2/
https://usn.ubuntu.com/4238-1/
https://www.cve.org/CVERecord?id=CVE-2019-7635

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-7635", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-04T20:54:28.411Z", "dateReserved": "2019-02-08T00:00:00", "datePublished": "2019-02-08T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-05-03T00:00:00"}, "descriptions": [{"lang": "en", "value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"}, {"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4498"}, {"name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"}, {"url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"}, {"name": "openSUSE-SU-2019:1213", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"}, {"name": "openSUSE-SU-2019:1223", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"}, {"name": "openSUSE-SU-2019:1261", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"}, {"name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1861-1] libsdl2-image security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html"}, {"name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"}, {"name": "openSUSE-SU-2019:2071", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"}, {"name": "GLSA-201909-07", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/201909-07"}, {"name": "openSUSE-SU-2019:2109", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html"}, {"name": "USN-4143-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/4143-1/"}, {"name": "USN-4156-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/4156-1/"}, {"name": "USN-4156-2", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/4156-2/"}, {"name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"}, {"name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"}, {"name": "USN-4238-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/4238-1/"}, {"name": "FEDORA-2020-24652fe41c", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"}, {"name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"}, {"name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"}, {"name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"}, {"name": "GLSA-202305-17", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202305-17"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2019-02-08T00:00:00"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:54:28.411Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"}, {"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4498", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"}, {"url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720", "tags": ["x_transferred"]}, {"name": "openSUSE-SU-2019:1213", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"}, {"name": "openSUSE-SU-2019:1223", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"}, {"name": "openSUSE-SU-2019:1261", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"}, {"name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1861-1] libsdl2-image security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html"}, {"name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"}, {"name": "openSUSE-SU-2019:2071", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"}, {"name": "GLSA-201909-07", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/201909-07"}, {"name": "openSUSE-SU-2019:2109", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html"}, {"name": "USN-4143-1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://usn.ubuntu.com/4143-1/"}, {"name": "USN-4156-1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://usn.ubuntu.com/4156-1/"}, {"name": "USN-4156-2", "tags": ["vendor-advisory", "x_transferred"], "url": "https://usn.ubuntu.com/4156-2/"}, {"name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"}, {"name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"}, {"name": "USN-4238-1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://usn.ubuntu.com/4238-1/"}, {"name": "FEDORA-2020-24652fe41c", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"}, {"name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"}, {"name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"}, {"name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"}, {"name": "GLSA-202305-17", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202305-17"}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2019-7635 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

dateUpdated : 2024-08-04T20:54:28.411Z (string)

dateReserved : 2019-02-08T00:00:00 (string)

datePublished : 2019-02-08T00:00:00 (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2023-05-03T00:00:00 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (string)

}

]

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

version : n/a (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

name : [debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update (string)

tags : [ »

0 : mailing-list (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html (string)

}

1 : { »

url : https://bugzilla.libsdl.org/show_bug.cgi?id=4498 (string)

}

2 : { »

name : [debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update (string)

tags : [ »

0 : mailing-list (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html (string)

}

3 : { »

url : https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 (string)

}

4 : { »

name : openSUSE-SU-2019:1213 (string)

tags : [ »

0 : vendor-advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html (string)

}

5 : { »

name : openSUSE-SU-2019:1223 (string)

tags : [ »

0 : vendor-advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html (string)

}

6 : { »

name : openSUSE-SU-2019:1261 (string)

tags : [ »

0 : vendor-advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html (string)

}

7 : { »

name : [debian-lts-announce] 20190722 [SECURITY] [DLA 1861-1] libsdl2-image security update (string)

tags : [ »

0 : mailing-list (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html (string)

}

8 : { »

name : [debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update (string)

tags : [ »

0 : mailing-list (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html (string)

}

9 : { »

name : openSUSE-SU-2019:2071 (string)

tags : [ »

0 : vendor-advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html (string)

}

10 : { »

name : GLSA-201909-07 (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://security.gentoo.org/glsa/201909-07 (string)

}

11 : { »

name : openSUSE-SU-2019:2109 (string)

tags : [ »

0 : vendor-advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html (string)

}

12 : { »

name : USN-4143-1 (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://usn.ubuntu.com/4143-1/ (string)

}

13 : { »

name : USN-4156-1 (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://usn.ubuntu.com/4156-1/ (string)

}

14 : { »

name : USN-4156-2 (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://usn.ubuntu.com/4156-2/ (string)

}

15 : { »

name : [debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update (string)

tags : [ »

0 : mailing-list (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html (string)

}

16 : { »

name : [debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update (string)

tags : [ »

0 : mailing-list (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html (string)

}

17 : { »

name : USN-4238-1 (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://usn.ubuntu.com/4238-1/ (string)

}

18 : { »

name : FEDORA-2020-24652fe41c (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/ (string)

}

19 : { »

name : [debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update (string)

tags : [ »

0 : mailing-list (string)

]

url : https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html (string)

}

20 : { »

name : [debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update (string)

tags : [ »

0 : mailing-list (string)

]

url : https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html (string)

}

21 : { »

name : [debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update (string)

tags : [ »

0 : mailing-list (string)

]

url : https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html (string)

}

22 : { »

name : GLSA-202305-17 (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://security.gentoo.org/glsa/202305-17 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : n/a (string)

}

]

}

]

datePublic : 2019-02-08T00:00:00 (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T20:54:28.411Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : [debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_transferred (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html (string)

}

1 : { »

url : https://bugzilla.libsdl.org/show_bug.cgi?id=4498 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

name : [debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_transferred (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html (string)

}

3 : { »

url : https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

name : openSUSE-SU-2019:1213 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html (string)

}

5 : { »

name : openSUSE-SU-2019:1223 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html (string)

}

6 : { »

name : openSUSE-SU-2019:1261 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html (string)

}

7 : { »

name : [debian-lts-announce] 20190722 [SECURITY] [DLA 1861-1] libsdl2-image security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_transferred (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html (string)

}

8 : { »

name : [debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_transferred (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html (string)

}

9 : { »

name : openSUSE-SU-2019:2071 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html (string)

}

10 : { »

name : GLSA-201909-07 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201909-07 (string)

}

11 : { »

name : openSUSE-SU-2019:2109 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html (string)

}

12 : { »

name : USN-4143-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://usn.ubuntu.com/4143-1/ (string)

}

13 : { »

name : USN-4156-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://usn.ubuntu.com/4156-1/ (string)

}

14 : { »

name : USN-4156-2 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://usn.ubuntu.com/4156-2/ (string)

}

15 : { »

name : [debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update (string)

tags : [ »

0 : mailing-list (string)

1 : x_transferred (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html (string)

}

16 : { »

name : [debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update (string)

tags : [ »

0 : mailing-list (string)

1 : x_transferred (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html (string)

}

17 : { »

name : USN-4238-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://usn.ubuntu.com/4238-1/ (string)

}

18 : { »

name : FEDORA-2020-24652fe41c (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/ (string)

}

19 : { »

name : [debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_transferred (string)

]

url : https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html (string)

}

20 : { »

name : [debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_transferred (string)

]

url : https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html (string)

}

21 : { »

name : [debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_transferred (string)

]

url : https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html (string)

}

22 : { »

name : GLSA-202305-17 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/202305-17 (string)

}

]

}

]

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*", "matchCriteriaId": "1987484C-BB76-4554-B040-1A8D2C90F0AA", "versionEndIncluding": "1.2.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*", "matchCriteriaId": "85C1FFE9-9495-4484-9D25-590ECE49482B", "versionEndIncluding": "2.0.9", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*", "matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c."}, {"lang": "es", "value": "SDL (Simple DirectMedia Layer), hasta la versi\u00f3n 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) en Blit1to4 en video/SDL_blit_1.c."}], "id": "CVE-2019-7635", "lastModified": "2024-11-21T04:48:26.123", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-08T11:29:00.233", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4498"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201909-07"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202305-17"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4143-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4156-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4156-2/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4238-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4498"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201909-07"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202305-17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4143-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4156-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4156-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4238-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 1987484C-BB76-4554-B040-1A8D2C90F0AA (string)

versionEndIncluding : 1.2.15 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 85C1FFE9-9495-4484-9D25-590ECE49482B (string)

versionEndIncluding : 2.0.9 (string)

versionStartIncluding : 2.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:* (string)

matchCriteriaId : D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* (string)

matchCriteriaId : 40513095-7E6E-46B3-B604-C926F1BA3568 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:* (string)

matchCriteriaId : F1E78106-58E6-4D59-990F-75DA575BFAD9 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* (string)

matchCriteriaId : B620311B-34A3-48A6-82DF-6F078D7A4493 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* (string)

matchCriteriaId : DEECE5FC-CACF-4496-A3E7-164736409252 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* (string)

matchCriteriaId : 80F0FA5D-8D3B-4C0E-81E2-87998286AF33 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* (string)

matchCriteriaId : CB66DB75-2B16-4EBF-9B93-CE49D8086E41 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* (string)

matchCriteriaId : 815D70A8-47D3-459C-A32C-9FEACA0659D1 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* (string)

matchCriteriaId : F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* (string)

matchCriteriaId : 23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* (string)

matchCriteriaId : CD783B0C-9246-47D9-A937-6144FE8BFF0F (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (string)

}

1 : { »

lang : es (string)

value : SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de búfer basada en memoria dinámica (heap) en Blit1to4 en video/SDL_blit_1.c. (string)

}

]

id : CVE-2019-7635 (string)

lastModified : 2024-11-21T04:48:26.123 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 4.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.1 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.2 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-02-08T11:29:00.233 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html (string)

}

5 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

2 : Vendor Advisory (string)

]

url : https://bugzilla.libsdl.org/show_bug.cgi?id=4498 (string)

}

6 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 (string)

}

7 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html (string)

}

8 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html (string)

}

9 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html (string)

}

10 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html (string)

}

11 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html (string)

}

12 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html (string)

}

13 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html (string)

}

14 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html (string)

}

15 : { »

source : cve@mitre.org (string)

url : https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html (string)

}

16 : { »

source : cve@mitre.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/ (string)

}

17 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/201909-07 (string)

}

18 : { »

source : cve@mitre.org (string)

url : https://security.gentoo.org/glsa/202305-17 (string)

}

19 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://usn.ubuntu.com/4143-1/ (string)

}

20 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://usn.ubuntu.com/4156-1/ (string)

}

21 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://usn.ubuntu.com/4156-2/ (string)

}

22 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://usn.ubuntu.com/4238-1/ (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

2 : Vendor Advisory (string)

]

url : https://bugzilla.libsdl.org/show_bug.cgi?id=4498 (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html (string)

}

36 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html (string)

}

37 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html (string)

}

38 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html (string)

}

39 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/ (string)

}

40 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/201909-07 (string)

}

41 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.gentoo.org/glsa/202305-17 (string)

}

42 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://usn.ubuntu.com/4143-1/ (string)

}

43 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://usn.ubuntu.com/4156-1/ (string)

}

44 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://usn.ubuntu.com/4156-2/ (string)

}

45 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://usn.ubuntu.com/4238-1/ (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-125 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2020:3868", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "SDL-0:1.2.15-17.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4627", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "SDL-0:1.2.15-38.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}], "bugzilla": {"description": "SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c", "id": "1677158", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677158"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.1", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "status": "verified"}, "cwe": "CWE-122", "details": ["SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c."], "name": "CVE-2019-7635", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "SDL", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "SDL", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2019-02-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-7635\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7635"], "threat_severity": "Low"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2020:3868 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : SDL-0:1.2.15-17.el7 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2020-09-29T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2020:4627 (string)

cpe : cpe:/a:redhat:enterprise_linux:8 (string)

package : SDL-0:1.2.15-38.el8 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2020-11-04T00:00:00Z (string)

}

]

bugzilla : { »

description : SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (string)

id : 1677158 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1677158 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 5.1 (string)

cvss3_scoring_vector : CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L (string)

status : verified (string)

}

cwe : CWE-122 (string)

details : [ »

0 : SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (string)

]

name : CVE-2019-7635 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Will not fix (string)

package_name : SDL (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Will not fix (string)

package_name : SDL (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

]

public_date : 2019-02-07T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2019-7635 https://nvd.nist.gov/vuln/detail/CVE-2019-7635 (string)

]

threat_severity : Low (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction Required

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction Required

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object