#VU23187 Out-of-bounds read in Red Hat Inc. products - CVE-2019-14906

Cybersecurity Help s.r.o.

Published: 2019-12-02

Vulnerability identifier: #VU23187

Vulnerability risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-14906

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Red Hat Enterprise Linux Server
Operating systems & Components / Operating system
Red Hat Enterprise Linux Workstation
Operating systems & Components / Operating system
Red Hat Enterprise Linux for IBM z Systems
Operating systems & Components / Operating system
Red Hat Enterprise Linux for Power
Operating systems & Components / Operating system
Red Hat Enterprise Linux Desktop
Operating systems & Components / Operating system
Red Hat Enterprise Linux for x86_64
Operating systems & Components / Operating system

Vendor: Red Hat Inc.

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the "BlitNtoN" function in the "video/SDL_blit_N.c" file when called from the "SDL_SoftBlit" function in the "video/SDL_blit.c" file. A remote attacker can trick a victim to open a specially crafted file and perform a denial of service attack.

Note, this issue exists due to incorrect patch implementation in Red Hat Enterprise Linux 7 for vulnerability CVE-2019-13616, described in SB2019112513.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server: 7 - 7.7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux for IBM z Systems: 7 - 7.7

Red Hat Enterprise Linux for Power: 7 - 7.7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux for x86_64: 7.0 - 7.7

External links
https://access.redhat.com/errata/RHSA-2019:4024

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat Enterprise Linux 7 update for SDL