CVE Vulnerabilities

CVE-2019-12217

NULL Pointer Dereference

Published: May 20, 2019 | Modified: Nov 07, 2023
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
4 LOW
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Ubuntu
LOW

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Sdl2_image Libsdl 2.0.4 (including) 2.0.4 (including)
Simple_directmedia_layer Libsdl 2.0.9 (including) 2.0.9 (including)
Libsdl2-image Ubuntu bionic *
Libsdl2-image Ubuntu disco *
Libsdl2-image Ubuntu esm-apps/bionic *
Libsdl2-image Ubuntu esm-apps/xenial *
Libsdl2-image Ubuntu trusty *
Libsdl2-image Ubuntu trusty/esm *
Libsdl2-image Ubuntu upstream *
Libsdl2-image Ubuntu xenial *
Sdl-image1.2 Ubuntu bionic *
Sdl-image1.2 Ubuntu disco *
Sdl-image1.2 Ubuntu trusty *
Sdl-image1.2 Ubuntu trusty/esm *
Sdl-image1.2 Ubuntu upstream *
Sdl-image1.2 Ubuntu xenial *

Potential Mitigations

References