CVE-2022-4743
https://notcve.org/view.php?id=CVE-2022-4743
A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected. • https://access.redhat.com/security/cve/CVE-2022-4743 https://bugzilla.redhat.com/show_bug.cgi?id=2156290 https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b https://github.com/libsdl-org/SDL/pull/6269 https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html https://security.gentoo.org/glsa/202305-18 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2021-33657
https://notcve.org/view.php?id=CVE-2021-33657
There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. Se presenta un problema de desbordamiento de pila en el archivo video/SDL_pixels.c en SDL (Simple DirectMedia Layer) versiones 2.x a 2.0.18. Al diseñar un archivo .BMP malicioso, un atacante puede causar el bloqueo de la aplicación que usa esta biblioteca, una denegación de servicio o una ejecución de Código • https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9 https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html https://security.gentoo.org/glsa/202305-17 https://security.gentoo.org/glsa/202305-18 • CWE-787: Out-of-bounds Write •
CVE-2019-14906 – SDL: not fixed in Red Hat Enterprise Linux 7 erratum RHSA-2019:3950
https://notcve.org/view.php?id=CVE-2019-14906
A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code. Se encontró un fallo con la errata de RHSA-2019: 3950, donde no se corrigió la vulnerabilidad SDL CVE-2019-13616. Este problema solo afecta a los paquetes SDL de Red Hat, SDL versiones hasta la versión 1.2.15 y versiones 2.x hasta la versión 2.0.9, tienen un fallo de desbordamiento de búfer en la región heap de la memoria mientras se copia una superficie existente en una nueva optimizada, debido a una falta de comprobación mientras la carga de una imagen BMP, es posible. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14906 https://access.redhat.com/security/cve/CVE-2019-14906 https://bugzilla.redhat.com/show_bug.cgi?id=1777372 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2019-13616 – SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c
https://notcve.org/view.php?id=CVE-2019-13616
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. hasta 2.0.9, presenta una lectura excesiva del búfer en la región heap de la memoria en BlitNtoN en el archivo video/SDL_blit_N.c cuando es llamado desde SDL_SoftBlit en el archivo video/SDL_blit.c. A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html https://access.redhat.com/errata/RHSA-2019:3950 https:/ • CWE-125: Out-of-bounds Read •
CVE-2019-12222
https://notcve.org/view.php?id=CVE-2019-12222
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c. Se descubrió un problema en libSDL2.a en Simple DirectMedia Layer (SDL) 2.0.9. Hay una lectura fuera de límites en la función SDL_InvalidateMap at video/SDL_pixels.c. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html https://bugzilla.libsdl.org/show_bug.cgi?id=4621 https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO https://lists.fedoraproject.org/archives/list/package • CWE-125: Out-of-bounds Read •