14 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c. Se ha detectado que SDL versión v1.2, contenía un uso de memoria previamente libarada por medio de la función XFree en el archivo /src/video/x11/SDL_x11yuv.c • https://github.com/libsdl-org/SDL-1.2/issues/863 https://security.gentoo.org/glsa/202305-17 • CWE-416: Use After Free •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code. Se encontró un fallo con la errata de RHSA-2019: 3950, donde no se corrigió la vulnerabilidad SDL CVE-2019-13616. Este problema solo afecta a los paquetes SDL de Red Hat, SDL versiones hasta la versión 1.2.15 y versiones 2.x hasta la versión 2.0.9, tienen un fallo de desbordamiento de búfer en la región heap de la memoria mientras se copia una superficie existente en una nueva optimizada, debido a una falta de comprobación mientras la carga de una imagen BMP, es posible. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14906 https://access.redhat.com/security/cve/CVE-2019-14906 https://bugzilla.redhat.com/show_bug.cgi?id=1777372 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 1

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. hasta 2.0.9, presenta una lectura excesiva del búfer en la región heap de la memoria en BlitNtoN en el archivo video/SDL_blit_N.c cuando es llamado desde SDL_SoftBlit en el archivo video/SDL_blit.c. A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html https://access.redhat.com/errata/RHSA-2019:3950 https:/ • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 1

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene un desbordamiento de búfer basado en memoria dinámica (heap) en SDL_FillRect en video/SDL_surface.c. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00081.html https://bugzilla.libsdl.org/show_bug.cgi?id=4497 https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 htt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 8.4EPSS: 0%CPEs: 12EXPL: 1

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de búfer basada en memoria dinámica (heap) en SDL_GetRGB en video/SDL_pixels.c. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html https://bugzilla.libsdl.org/show_bug.cgi?id=4499 https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html https:/& • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •