
CVE-2019-5057
https://notcve.org/view.php?id=CVE-2019-5057
31 Jul 2019 — An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2019-13626 – Gentoo Linux Security Advisory 201909-07
https://notcve.org/view.php?id=CVE-2019-13626
17 Jul 2019 — SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c. Multiple vulnerabilities have been found in Simple DirectMedia Layer, the... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html • CWE-125: Out-of-bounds Read •

CVE-2019-13616 – SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c
https://notcve.org/view.php?id=CVE-2019-13616
16 Jul 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing s... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-125: Out-of-bounds Read •

CVE-2019-5051
https://notcve.org/view.php?id=CVE-2019-5051
03 Jul 2019 — An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-390: Detection of Error Condition Without Action CWE-755: Improper Handling of Exceptional Conditions CWE-787: Out-of-bounds Write •

CVE-2019-5052
https://notcve.org/view.php?id=CVE-2019-5052
03 Jul 2019 — An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-190: Integer Overflow or Wraparound •

CVE-2019-12222
https://notcve.org/view.php?id=CVE-2019-12222
20 May 2019 — An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-125: Out-of-bounds Read •

CVE-2019-12221
https://notcve.org/view.php?id=CVE-2019-12221
20 May 2019 — An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-787: Out-of-bounds Write •

CVE-2019-12220
https://notcve.org/view.php?id=CVE-2019-12220
20 May 2019 — An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-125: Out-of-bounds Read •

CVE-2019-12219 – Ubuntu Security Notice USN-4238-1
https://notcve.org/view.php?id=CVE-2019-12219
20 May 2019 — An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c. It was discovered that SDL_image incorrectly handled certai... • https://bugzilla.libsdl.org/show_bug.cgi?id=4625 • CWE-415: Double Free •

CVE-2019-12218
https://notcve.org/view.php?id=CVE-2019-12218
20 May 2019 — An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-476: NULL Pointer Dereference •