Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2019-13616

Published: 15 October 2019

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

From the Ubuntu Security Team

USN-4238-1 addressed serveral vulnerabilities in SDL_image. This update provides the corresponding fixes for Ubuntu 14.04 ESM.

Priority

Low

Cvss 3 Severity Score

8.1

Score breakdown

Status

Package Release Status
sdl-image1.2
Launchpad, Ubuntu, Debian
eoan Not vulnerable
(1.2.12-12)
focal Not vulnerable
(1.2.12-12)
kinetic Not vulnerable
(1.2.12-12)
trusty
Released (1.2.12-5+deb9u1ubuntu0.14.04.1~esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
bionic
Released (1.2.12-8ubuntu0.1)
disco Ignored
(end of life)
groovy Not vulnerable
(1.2.12-12)
hirsute Not vulnerable
(1.2.12-12)
impish Not vulnerable
(1.2.12-12)
jammy Not vulnerable
(1.2.12-12)
lunar Not vulnerable
(1.2.12-12)
upstream
Released (1.2.12-12)
xenial
Released (1.2.12-5+deb9u1ubuntu0.16.04.1)
mantic Not vulnerable
(1.2.12-12)
Patches:



upstream: https://hg.libsdl.org/SDL_image/rev/a59bfe382008
libsdl1.2
Launchpad, Ubuntu, Debian
impish Not vulnerable
(1.2.15+dfsg2-5)
hirsute Not vulnerable
(1.2.15+dfsg2-5)
kinetic Not vulnerable
(1.2.15+dfsg2-5)
bionic
Released (1.2.15+dfsg2-0.1ubuntu0.1)
disco Ignored
(end of life)
eoan Not vulnerable
(1.2.15+dfsg2-5)
focal Not vulnerable
(1.2.15+dfsg2-5)
groovy Not vulnerable
(1.2.15+dfsg2-5)
jammy Not vulnerable
(1.2.15+dfsg2-5)
lunar Not vulnerable
(1.2.15+dfsg2-5)
trusty
Released (1.2.15-8ubuntu1.1+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
upstream
Released (1.2.15+dfsg2-5)
xenial
Released (1.2.15+dfsg1-3ubuntu0.1)
mantic Does not exist

Patches:
upstream: https://hg.libsdl.org/SDL/rev/ad1bbfbca760



libsdl2
Launchpad, Ubuntu, Debian
impish Not vulnerable
(2.0.10+dfsg1-1ubuntu1)
hirsute Not vulnerable
(2.0.10+dfsg1-1ubuntu1)
xenial Needed

kinetic Not vulnerable
(2.0.10+dfsg1-1ubuntu1)
bionic Needed

disco Ignored
(end of life)
eoan Not vulnerable
(2.0.10+dfsg1-1ubuntu1)
focal Not vulnerable
(2.0.10+dfsg1-1ubuntu1)
groovy Not vulnerable
(2.0.10+dfsg1-1ubuntu1)
jammy Not vulnerable
(2.0.10+dfsg1-1ubuntu1)
lunar Not vulnerable
(2.0.10+dfsg1-1ubuntu1)
trusty Needed

upstream
Released (2.0.10+dfsg1-1)
mantic Not vulnerable
(2.0.10+dfsg1-1ubuntu1)
Patches:

upstream: https://hg.libsdl.org/SDL/rev/e7ba650a643a


libsdl2-image
Launchpad, Ubuntu, Debian
xenial Needed

kinetic Not vulnerable
(2.0.5+dfsg1-2)
trusty Needs triage

bionic Needed

disco Ignored
(end of life)
eoan Ignored
(end of life)
focal Not vulnerable
(2.0.5+dfsg1-2)
groovy Not vulnerable
(2.0.5+dfsg1-2)
hirsute Not vulnerable
(2.0.5+dfsg1-2)
impish Not vulnerable
(2.0.5+dfsg1-2)
jammy Not vulnerable
(2.0.5+dfsg1-2)
lunar Not vulnerable
(2.0.5+dfsg1-2)
upstream Needed

mantic Not vulnerable
(2.0.5+dfsg1-2)
Patches:


upstream: https://hg.libsdl.org/SDL_image/rev/ba45f00879ba

Severity score breakdown

Parameter Value
Base score 8.1
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H