Bug 1141844 – VUL-1: CVE-2019-13616: SDL,SDL2: through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

Bug 1141844 - (CVE-2019-13616) VUL-1: CVE-2019-13616: SDL,SDL2: through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

(CVE-2019-13616)
Summary:	VUL-1: CVE-2019-13616: SDL,SDL2: through 1.2.15 and 2.x through 2.0.9 has a h...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/237332/
Whiteboard:	maint:released:sle10-sp3:64353 CVSSv3...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2019-07-17 11:52 UTC by Wolfgang Frisch
Modified:	2022-03-01 16:17 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Wolfgang Frisch 2019-07-17 11:52:18 UTC

CVE-2019-13616

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from
SDL_SoftBlit in video/SDL_blit.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13616
http://www.cvedetails.com/cve/CVE-2019-13616/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13616
https://bugzilla.libsdl.org/show_bug.cgi?id=4538

Comment 2 Swamp Workflow Management 2019-08-23 12:00:07 UTC

This is an autogenerated message for OBS integration:
This bug (1141844) was mentioned in
https://build.opensuse.org/request/show/725547 15.0 / SDL2
https://build.opensuse.org/request/show/725548 15.1 / SDL2

Comment 3 Swamp Workflow Management 2019-08-23 14:20:08 UTC

This is an autogenerated message for OBS integration:
This bug (1141844) was mentioned in
https://build.opensuse.org/request/show/725587 15.0 / SDL_image
https://build.opensuse.org/request/show/725588 15.1 / SDL_image

Comment 4 Swamp Workflow Management 2019-08-23 15:50:24 UTC

This is an autogenerated message for OBS integration:
This bug (1141844) was mentioned in
https://build.opensuse.org/request/show/725636 Factory / SDL2_image
https://build.opensuse.org/request/show/725637 15.0 / SDL2_image
https://build.opensuse.org/request/show/725638 15.1 / SDL2_image

Comment 8 Swamp Workflow Management 2019-09-05 13:13:54 UTC

openSUSE-SU-2019:2070-1: An update that fixes 12 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1135787,1135789,1135796,1135806,1136101,1140419,1140421,1141844,1143763,1143764,1143766,1143768
CVE References: CVE-2019-12217,CVE-2019-12218,CVE-2019-12220,CVE-2019-12221,CVE-2019-12222,CVE-2019-13616,CVE-2019-5051,CVE-2019-5052,CVE-2019-5057,CVE-2019-5058,CVE-2019-5059,CVE-2019-5060
Sources used:
openSUSE Leap 15.1 (src):    SDL2_image-2.0.5-lp151.2.5.1
openSUSE Leap 15.0 (src):    SDL2_image-2.0.5-lp150.9.1

Comment 9 Swamp Workflow Management 2019-09-05 13:19:04 UTC

openSUSE-SU-2019:2071-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1124827,1140421,1141844,1143763,1143764,1143766,1143768
CVE References: CVE-2019-13616,CVE-2019-5052,CVE-2019-5057,CVE-2019-5058,CVE-2019-5059,CVE-2019-5060,CVE-2019-7635
Sources used:
openSUSE Leap 15.1 (src):    SDL_image-1.2.12+hg695-lp151.3.3.1
openSUSE Leap 15.0 (src):    SDL_image-1.2.12+hg695-lp150.2.3.1

Comment 10 Swamp Workflow Management 2019-09-06 13:08:11 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2019-09-20.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64352

Comment 11 Swamp Workflow Management 2019-09-10 19:13:09 UTC

openSUSE-SU-2019:2108-1: An update that fixes 12 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1135787,1135789,1135796,1135806,1136101,1140419,1140421,1141844,1143763,1143764,1143766,1143768
CVE References: CVE-2019-12217,CVE-2019-12218,CVE-2019-12220,CVE-2019-12221,CVE-2019-12222,CVE-2019-13616,CVE-2019-5051,CVE-2019-5052,CVE-2019-5057,CVE-2019-5058,CVE-2019-5059,CVE-2019-5060
Sources used:
openSUSE Backports SLE-15-SP1 (src):    SDL2_image-2.0.5-bp151.4.3.1
openSUSE Backports SLE-15 (src):    SDL2_image-2.0.5-bp150.3.6.1

Comment 12 Swamp Workflow Management 2019-09-10 19:15:27 UTC

openSUSE-SU-2019:2109-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1124827,1140421,1141844,1143763,1143764,1143766,1143768
CVE References: CVE-2019-13616,CVE-2019-5052,CVE-2019-5057,CVE-2019-5058,CVE-2019-5059,CVE-2019-5060,CVE-2019-7635
Sources used:
openSUSE Backports SLE-15-SP1 (src):    SDL_image-1.2.12+hg695-bp151.4.3.1
openSUSE Backports SLE-15 (src):    SDL_image-1.2.12+hg695-bp150.3.3.1

Comment 13 Swamp Workflow Management 2019-09-25 19:12:41 UTC

SUSE-SU-2019:2463-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1141844,1142031
CVE References: CVE-2019-13616,CVE-2019-13626
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    SDL2-2.0.8-3.15.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    SDL2-2.0.8-3.15.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    SDL2-2.0.8-3.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 14 Swamp Workflow Management 2019-09-30 22:12:16 UTC

openSUSE-SU-2019:2226-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1141844,1142031
CVE References: CVE-2019-13616,CVE-2019-13626
Sources used:
openSUSE Leap 15.1 (src):    SDL2-2.0.8-lp151.4.6.1

Comment 15 Swamp Workflow Management 2019-09-30 22:14:26 UTC

openSUSE-SU-2019:2224-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1141844,1142031
CVE References: CVE-2019-13616,CVE-2019-13626
Sources used:
openSUSE Leap 15.0 (src):    SDL2-2.0.8-lp150.2.9.1

Comment 16 Swamp Workflow Management 2020-07-07 16:14:44 UTC

SUSE-SU-2019:2463-2: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1141844,1142031
CVE References: CVE-2019-13616,CVE-2019-13626
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src):    SDL2-2.0.8-3.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 17 Swamp Workflow Management 2020-10-26 14:20:42 UTC

SUSE-SU-2020:3030-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1141844
CVE References: CVE-2019-13616
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    SDL-1.2.15-15.14.2
SUSE Linux Enterprise Server 12-SP5 (src):    SDL-1.2.15-15.14.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 18 Swamp Workflow Management 2020-11-10 14:19:17 UTC

SUSE-SU-2020:3261-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1141844
CVE References: CVE-2019-13616
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src):    SDL-1.2.15-3.12.73
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    SDL-1.2.15-3.12.73

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 19 Swamp Workflow Management 2020-11-14 14:14:35 UTC

openSUSE-SU-2020:1916-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1141844
CVE References: CVE-2019-13616
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    SDL-1.2.15-lp152.5.3.1

Comment 20 Swamp Workflow Management 2020-11-21 14:16:53 UTC

openSUSE-SU-2020:1990-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1141844
CVE References: CVE-2019-13616
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    SDL-1.2.15-lp151.4.3.1

Comment 21 Wolfgang Frisch 2020-12-09 16:28:05 UTC

Released.