CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-4743
https://notcve.org/view.php?id=CVE-2022-4743
A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected. • https://access.redhat.com/security/cve/CVE-2022-4743 https://bugzilla.redhat.com/show_bug.cgi?id=2156290 https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b https://github.com/libsdl-org/SDL/pull/6269 https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html https://security.gentoo.org/glsa/202305-18 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34568
https://notcve.org/view.php?id=CVE-2022-34568
SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c. Se ha detectado que SDL versión v1.2, contenía un uso de memoria previamente libarada por medio de la función XFree en el archivo /src/video/x11/SDL_x11yuv.c • https://github.com/libsdl-org/SDL-1.2/issues/863 https://security.gentoo.org/glsa/202305-17 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-27470
https://notcve.org/view.php?id=CVE-2022-27470
SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file. Se ha detectado que SDL_ttf versiones v2.0.18 y anteriores, contienen una escritura arbitraria en memoria por medio de la función TTF_RenderText_Solid(). Esta vulnerabilidad es desencadenada por medio de un archivo TTF diseñado • https://github.com/libsdl-org/SDL_ttf/commit/db1b41ab8bde6723c24b866e466cad78c2fa0448 https://github.com/libsdl-org/SDL_ttf/issues/187 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAGMQMRQDTZFQW64JEW3O6HY3JYLAAHT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RXI3MDPR24W5557G34YHWOP2MOK6BTGB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPYTEBBNHCDGPVFACC5RC5K2FZUCYTPZ • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33657
https://notcve.org/view.php?id=CVE-2021-33657
There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. Se presenta un problema de desbordamiento de pila en el archivo video/SDL_pixels.c en SDL (Simple DirectMedia Layer) versiones 2.x a 2.0.18. Al diseñar un archivo .BMP malicioso, un atacante puede causar el bloqueo de la aplicación que usa esta biblioteca, una denegación de servicio o una ejecución de Código • https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9 https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html https://security.gentoo.org/glsa/202305-17 https://security.gentoo.org/glsa/202305-18 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14409
https://notcve.org/view.php?id=CVE-2020-14409
SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. SDL (Simple DirectMedia Layer) versiones hasta 2.0.12, presenta un Desbordamiento de Enteros (y una corrupción de la pila de SDL_memcpy resultante) en SDL_BlitCopy en el archivo video/SDL_blit_copy.c por medio de un archivo .BMP diseñado • https://bugzilla.libsdl.org/show_bug.cgi?id=5200 https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9 https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FS32YCEJLQ2FYUWSWYI2ZMQWQEAWJNR https://security.gentoo.org/glsa/202107-55 https://www.starwindsoftware.com/security/sw-20210325-0001 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •