CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34568 – Gentoo Linux Security Advisory 202305-17
https://notcve.org/view.php?id=CVE-2022-34568
28 Jul 2022 — SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c. Se ha detectado que SDL versión v1.2, contenía un uso de memoria previamente libarada por medio de la función XFree en el archivo /src/video/x11/SDL_x11yuv.c Multiple vulnerabilities have been found in libsdl, the worst of which could result in arbitrary code execution. Versions less than 1.2.15_p20221201>= are affected. • https://github.com/libsdl-org/SDL-1.2/issues/863 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14906 – SDL: not fixed in Red Hat Enterprise Linux 7 erratum RHSA-2019:3950
https://notcve.org/view.php?id=CVE-2019-14906
02 Dec 2019 — A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the applica... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14906 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 1CVE-2019-13616 – SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c
https://notcve.org/view.php?id=CVE-2019-13616
16 Jul 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. hasta 2.0.9, presenta una lectura excesiva del búfer en la región heap de la memoria en BlitNtoN en el archivo video/SDL_blit_N.c cuando es llamado desde SDL_SoftBlit en el archivo video/SDL_blit.c. A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing s... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 1CVE-2019-7637 – SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c
https://notcve.org/view.php?id=CVE-2019-7637
08 Feb 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene un desbordamiento de búfer basado en memoria dinámica (heap) en SDL_FillRect en video/SDL_surface.c. Simple DirectMedia Layer is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. Issues addressed include buffe... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 15EXPL: 1CVE-2019-7635 – SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c
https://notcve.org/view.php?id=CVE-2019-7635
08 Feb 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de búfer basada en memoria dinámica (heap) en Blit1to4 en video/SDL_blit_1.c. USN-4156-1 fixed several vulnerabilities in SDL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that SDL incorrectly handle... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.4EPSS: 0%CPEs: 12EXPL: 1CVE-2019-7636 – SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c
https://notcve.org/view.php?id=CVE-2019-7636
08 Feb 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de búfer basada en memoria dinámica (heap) en SDL_GetRGB en video/SDL_pixels.c. Simple DirectMedia Layer is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. Issues addressed include buffer over... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2019-7638 – SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c
https://notcve.org/view.php?id=CVE-2019-7638
08 Feb 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de búfer basada en memoria dinámica (heap) en Map1toN en video/SDL_pixels.c. It was discovered that SDL 2.0 mishandled crafted image files resulting in an integer overflow. If a user were tricked into opening a malicious file, SDL 2.0 could be caused to crash or... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 1CVE-2019-7572 – SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c
https://notcve.org/view.php?id=CVE-2019-7572
07 Feb 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de búfer en IMA_ADPCM_nibble en audio/SDL_wave.c. Simple DirectMedia Layer is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. Issues addressed include buffer over-read and buffer overflow vulnerabili... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 1CVE-2019-7575 – SDL: heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c
https://notcve.org/view.php?id=CVE-2019-7575
07 Feb 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene un desbordamiento de búfer basado en memoria dinámica (heap) en MS_ADPCM_decode en audio/SDL_wave.c. USN-4156-1 fixed several vulnerabilities in SDL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that SDL incorrec... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 1CVE-2019-7577 – SDL: buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c
https://notcve.org/view.php?id=CVE-2019-7577
07 Feb 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de búfer en SDL_LoadWAV_RW en audio/SDL_wave.c. Simple DirectMedia Layer is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. Issues addressed include buffer over-read and buffer overflow vulnerabilities... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html • CWE-125: Out-of-bounds Read •