MidnightBSD

Advisories for libsdl

CVE-2017-12122 MEDIUM

An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 9.0
libsdl sdl_image 2.0.2
debian debian_linux 8.0
debian debian_linux 7.0
CVE-2017-14440 MEDIUM

An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 9.0
libsdl sdl_image 2.0.2
debian debian_linux 8.0
debian debian_linux 7.0
CVE-2017-14441 MEDIUM

An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
debian debian_linux 9.0
libsdl sdl_image 2.0.2
debian debian_linux 8.0
debian debian_linux 7.0
CVE-2017-14442 MEDIUM

An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 9.0
libsdl sdl_image 2.0.2
debian debian_linux 8.0
debian debian_linux 7.0
CVE-2017-14448 MEDIUM

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 9.0
libsdl sdl_image 2.0.2
debian debian_linux 8.0
CVE-2017-14449 MEDIUM

A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
debian debian_linux 9.0
libsdl sdl_image 2.0.2
debian debian_linux 8.0
CVE-2017-14450 MEDIUM

A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 9.0
libsdl sdl_image 2.0.2
debian debian_linux 8.0
debian debian_linux 7.0
CVE-2017-2887 MEDIUM

An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 9.0
libsdl sdl_image 2.0.1
debian debian_linux 8.0
CVE-2017-2888 MEDIUM

An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
debian debian_linux 9.0
libsdl simple_directmedia_layer 2.0.5
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
CVE-2018-3837 MEDIUM

An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 9.0
starwindsoftware starwind_virtual_san v8
libsdl sdl_image 2.0.2
debian debian_linux 8.0
CVE-2018-3838 MEDIUM

An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 9.0
libsdl sdl_image 2.0.2
debian debian_linux 8.0
CVE-2018-3839 MEDIUM

An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 9.0
starwindsoftware starwind_virtual_san v8
libsdl sdl_image 2.0.2
debian debian_linux 8.0
CVE-2018-3977 MEDIUM

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libsdl sdl_image 2.0.3
CVE-2019-12216 MEDIUM

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libsdl sdl2_image 2.0.4
fedoraproject fedora 31
debian debian_linux 8.0
libsdl simple_directmedia_layer 2.0.9
canonical ubuntu_linux 18.04
fedoraproject fedora 29
canonical ubuntu_linux 16.04
CVE-2019-12217 MEDIUM

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
libsdl sdl2_image 2.0.4
libsdl simple_directmedia_layer 2.0.9
CVE-2019-12218 MEDIUM

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
libsdl sdl2_image 2.0.4
libsdl simple_directmedia_layer 2.0.9
CVE-2019-12219 MEDIUM

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
libsdl sdl2_image 2.0.4
libsdl simple_directmedia_layer 2.0.9
CVE-2019-12220 MEDIUM

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libsdl sdl2_image 2.0.4
libsdl simple_directmedia_layer 2.0.9
CVE-2019-12221 MEDIUM

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
opensuse leap 15.1
libsdl sdl2_image 2.0.4
opensuse backports_sle 15.0
fedoraproject fedora 31
debian debian_linux 8.0
libsdl simple_directmedia_layer 2.0.9
canonical ubuntu_linux 18.04
fedoraproject fedora 29
canonical ubuntu_linux 16.04
opensuse leap 15.0
CVE-2019-12222 MEDIUM

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libsdl simple_directmedia_layer 2.0.9
CVE-2019-13616 MEDIUM

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_eus 8.1
opensuse backports_sle 15.0
fedoraproject fedora 31
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
libsdl simple_directmedia_layer *
redhat enterprise_linux_eus 7.7
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux_server_tus 7.7
debian debian_linux 10.0
fedoraproject fedora 30
fedoraproject fedora 29
opensuse leap 15.0
CVE-2019-13626 MEDIUM

SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
fedoraproject fedora 31
libsdl libsdl *
debian debian_linux 10.0
opensuse leap 15.0
CVE-2019-14906 HIGH

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,CWE-787,CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
libsdl simple_directmedia_layer *
CVE-2019-5051 MEDIUM

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-390,CWE-755,CWE-787,

Products Affected

Vendor Product Version
opensuse leap 15.1
libsdl sdl2_image 2.0.4
opensuse backports_sle 15.0
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
opensuse leap 15.0
CVE-2019-5052 MEDIUM

An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
opensuse leap 15.1
libsdl sdl2_image 2.0.4
opensuse backports_sle 15.0
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
opensuse leap 15.0
CVE-2019-5057 MEDIUM

An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
opensuse leap 15.1
libsdl sdl2_image 2.0.4
opensuse backports_sle 15.0
opensuse leap 15.0
CVE-2019-5058 MEDIUM

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
opensuse leap 15.1
libsdl sdl2_image 2.0.4
opensuse backports_sle 15.0
opensuse leap 15.0
CVE-2019-5059 MEDIUM

An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,CWE-787,

Products Affected

Vendor Product Version
opensuse leap 15.1
libsdl sdl2_image 2.0.4
opensuse backports_sle 15.0
opensuse leap 15.0
CVE-2019-5060 MEDIUM

An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,CWE-787,

Products Affected

Vendor Product Version
opensuse leap 15.1
libsdl sdl2_image 2.0.4
opensuse backports_sle 15.0
opensuse leap 15.0
CVE-2019-7572 MEDIUM

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
debian debian_linux 9.0
fedoraproject fedora 31
opensuse leap 42.3
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
libsdl simple_directmedia_layer *
opensuse leap 15.0
CVE-2019-7573 MEDIUM

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
debian debian_linux 9.0
fedoraproject fedora 31
opensuse leap 42.3
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
libsdl simple_directmedia_layer *
opensuse leap 15.0
CVE-2019-7574 MEDIUM

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
debian debian_linux 9.0
fedoraproject fedora 31
opensuse leap 42.3
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
libsdl simple_directmedia_layer *
opensuse leap 15.0
CVE-2019-7575 MEDIUM

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
debian debian_linux 9.0
fedoraproject fedora 31
opensuse leap 42.3
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
libsdl simple_directmedia_layer *
opensuse leap 15.0
CVE-2019-7576 MEDIUM

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
debian debian_linux 9.0
fedoraproject fedora 31
opensuse leap 42.3
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
libsdl simple_directmedia_layer *
opensuse leap 15.0
CVE-2019-7577 MEDIUM

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 9.0
fedoraproject fedora 31
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
libsdl simple_directmedia_layer *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
opensuse leap 42.3
debian debian_linux 8.0
fedoraproject fedora 28
fedoraproject fedora 29
opensuse leap 15.0
CVE-2019-7578 MEDIUM

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
debian debian_linux 9.0
fedoraproject fedora 31
opensuse leap 42.3
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
libsdl simple_directmedia_layer *
opensuse leap 15.0
CVE-2019-7635 MEDIUM

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
debian debian_linux 9.0
opensuse backports_sle 15.0
fedoraproject fedora 31
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
libsdl simple_directmedia_layer *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
opensuse leap 42.3
debian debian_linux 8.0
opensuse leap 15.0
CVE-2019-7636 MEDIUM

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
debian debian_linux 9.0
fedoraproject fedora 31
canonical ubuntu_linux 19.04
opensuse leap 42.3
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
libsdl simple_directmedia_layer *
opensuse leap 15.0
CVE-2019-7637 MEDIUM

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
opensuse leap 15.1
debian debian_linux 9.0
fedoraproject fedora 31
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
libsdl simple_directmedia_layer *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
opensuse leap 42.3
debian debian_linux 8.0
opensuse leap 15.0
CVE-2019-7638 MEDIUM

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 9.0
fedoraproject fedora 31
canonical ubuntu_linux 19.04
opensuse leap 42.3
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
libsdl simple_directmedia_layer *
opensuse leap 15.0
CVE-2020-14409 MEDIUM

SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 9.0
starwindsoftware starwind_virtual_san v8
fedoraproject fedora 33
libsdl simple_directmedia_layer *
CVE-2020-14410 MEDIUM

SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 9.0
fedoraproject fedora 33
libsdl simple_directmedia_layer *
CVE-2021-33657 MEDIUM

There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libsdl simple_directmedia_layer *
CVE-2022-27470 MEDIUM

SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libsdl sdl_ttf *
fedoraproject fedora 35
fedoraproject fedora 34
fedoraproject fedora 36
CVE-2022-34568

SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
libsdl simple_directmedia_layer *
CVE-2022-4743

A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
libsdl simple_directmedia_layer *