vulnerability
Arch Linux: Arbitrary code execution (CVE-2019-13616)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:N/A:P) | Jul 16, 2019 | Jul 11, 2025 | Nov 27, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:P)
Published
Jul 16, 2019
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code.
Solution
arch-linux-upgrade-latest
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.