NVD Vulnerability Detail

CVE-2019-12216

Summary	An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.
Publication Date	May 21, 2019, 2:29 a.m.
Registration Date	Jan. 26, 2021, 11:38 a.m.
Last Update	Nov. 21, 2024, 1:22 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

Related information, measures and tools

No	URL	タグ
1	https://bugzilla.libsdl.org/show_bug.cgi?id=4619	Exploit Issue Tracking Vendor Advisory
2	https://bugzilla.libsdl.org/show_bug.cgi?id=4619	Exploit Issue Tracking Vendor Advisory
3	https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html	Mailing List Third Party Advisory
4	https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html	Mailing List Third Party Advisory
5	https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html	Mailing List Third Party Advisory
6	https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html	Mailing List Third Party Advisory
7	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/
8	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/
9	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/
10	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/
11	https://usn.ubuntu.com/4238-1/	Third Party Advisory
12	https://usn.ubuntu.com/4238-1/	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-787	境界外書き込み	https://cwe.mitre.org/data/definitions/787.html

JVN Vulnerability Information

Simple DirectMedia Layer および SDL2_image におけるバッファエラーの脆弱性

Title	Simple DirectMedia Layer および SDL2_image におけるバッファエラーの脆弱性
Summary	Simple DirectMedia Layer (SDL) および SDL2_image には、バッファエラーの脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	May 5, 2019, midnight
Registration Date	June 6, 2019, 11:26 a.m.
Last Update	June 6, 2019, 11:26 a.m.

Affected System

Simple DirectMedia Layer

SDL 2.0.9

SDL2_image 2.0.4

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2019-12216	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12216
National Vulnerability Database (NVD)
2	CVE-2019-12216	https://nvd.nist.gov/vuln/detail/CVE-2019-12216

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Bugzilla
1	Bug 4619	https://bugzilla.libsdl.org/show_bug.cgi?id=4619

Change Log

No	Changed Details	Date of change
1	[2019年06月06日] 掲載	June 6, 2019, 11:26 a.m.