CVE-2020-7635: 
JavaScript vulnerability analysis and mitigation

SDL (Simple DirectMedia Layer) through versions 1.2.15 and 2.x through 2.0.9 contains a heap-based buffer over-read vulnerability in the Blit1to4 function located in video/SDL_blit_1.c. This security issue was discovered and disclosed on February 8, 2019 (CVE-MITRE).

The vulnerability is classified with a CVSS 3.1 Base Score of 8.1 (High severity). The attack vector is network-based, with low attack complexity and requires no privileges, though user interaction is required. The vulnerability maintains unchanged scope, with high impact on confidentiality and availability, but no impact on integrity (Ubuntu-Security).

When successfully exploited, this vulnerability can lead to a total loss of confidentiality, potentially exposing all resources within the impacted component to the attacker. While the integrity impact is limited, the vulnerability can cause significant availability issues in the affected systems (Snyk-DB).

Multiple vendors have released patches to address this vulnerability. Ubuntu has provided fixes across various versions including Ubuntu 14.04 ESM, 16.04 LTS, and 18.04 LTS. The fixes are available through security updates for both libsdl1.2 and libsdl2 packages. Users are strongly advised to update to the patched versions (Ubuntu-Security).