Bug 1777372 (CVE-2019-14906)
| Summary: | CVE-2019-14906 SDL: CVE-2019-13616 not fixed in Red Hat Enterprise Linux 7 erratum RHSA-2019:3950 | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Riccardo Schirone <rschiron> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | dingyichen, erik-fedora, igor.raits, klember, maci, manisandro, ppisar, tcallawa, wtaymans |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. A heap-based buffer overflow flaw, in SDL while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-12-02 13:04:52 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1777405, 1777406 | ||
| Bug Blocks: | 1777373 | ||
|
Description
Riccardo Schirone
2019-11-27 14:17:03 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:4024 https://access.redhat.com/errata/RHSA-2019:4024 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14906 |