CVSS: 8.8EPSS: 3%CPEs: 11EXPL: 1CVE-2019-7576 – SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
https://notcve.org/view.php?id=CVE-2019-7576
07 Feb 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de búfer basada en memoria dinámica (heap) en InitMS_ADPCM en audio/SDL_wave.c (fuera del bucle wNumCoef). Simple DirectMedia Layer is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 3%CPEs: 13EXPL: 1CVE-2019-7577 – SDL: buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c
https://notcve.org/view.php?id=CVE-2019-7577
07 Feb 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de búfer en SDL_LoadWAV_RW en audio/SDL_wave.c. Simple DirectMedia Layer is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. Issues addressed include buffer over-read and buffer overflow vulnerabilities... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 3%CPEs: 11EXPL: 1CVE-2019-7578 – SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c
https://notcve.org/view.php?id=CVE-2019-7578
07 Feb 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de búfer basada en memoria dinámica (heap) en InitIMA_ADPCM en audio/SDL_wave.c. Simple DirectMedia Layer is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. Issues addressed include buffer ov... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-3977 – Gentoo Linux Security Advisory 201903-17
https://notcve.org/view.php?id=CVE-2018-3977
01 Nov 2018 — An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Existe una vulnerabilidad explotable de ejecución de código en la funcionalidad de renderización de imágenes XCF de SDL2_image-2.0.3. Un archivo XCF especialmente manipulado puede provocar un desbordamiento de memoria dinámica (heap... • https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-12122 – Gentoo Linux Security Advisory 201903-17
https://notcve.org/view.php?id=CVE-2017-12122
23 Apr 2018 — An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Existe una vulnerabilidad explotable de ejecución de código en la funcionalidad de renderización de imágenes ILBM de SDL2_image-2.0.2. Una imagen ILBM especialmente manipulada puede provocar un desbordamiento de memoria dinámica (h... • https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-14440 – Gentoo Linux Security Advisory 201903-17
https://notcve.org/view.php?id=CVE-2017-14440
23 Apr 2018 — An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Existe una vulnerabilidad explotable de ejecución de código en la funcionalidad de renderización de imágenes ILBM de SDL2_image-2.0.2. Un paquete de red especialmente manipulado puede provocar un desbordamiento de pila que resulta... • https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-14441 – Gentoo Linux Security Advisory 201903-17
https://notcve.org/view.php?id=CVE-2017-14441
23 Apr 2018 — An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Existe una vulnerabilidad explotable de ejecución de código en la funcionalidad de renderización de imágenes ICO de SDL2_image-2.0.2. Una imagen ICO especialmente manipulada puede provocar un desbord... • https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-14442 – Gentoo Linux Security Advisory 201903-17
https://notcve.org/view.php?id=CVE-2017-14442
23 Apr 2018 — An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Existe una vulnerabilidad explotable de ejecución de código en la funcionalidad de renderización de imágenes BMP de SDL2_image-2.0.2. Una imagen BMP especialmente manipulada puede provocar un desbordamiento de búfer basado en pila q... • https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2017-14448 – Gentoo Linux Security Advisory 201903-17
https://notcve.org/view.php?id=CVE-2017-14448
23 Apr 2018 — An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Existe una vulnerabilidad explotable de ejecución de código en la funcionalidad de renderización de imágenes XCF de SDL2_image-2.0.2. Un archivo XCF especialmente manipulado puede provocar un desbordamiento de montículos que daría lu... • https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-14449 – Gentoo Linux Security Advisory 201903-17
https://notcve.org/view.php?id=CVE-2017-14449
23 Apr 2018 — A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability. Existe una vulnerabilidad de doble liberación (double free) en la funcionalidad de renderización de imágenes XCF de SDL2_image-2.0.2. Una imagen XCF especialmente manipulada puede hacer que ocurra una situación de doble liberación (double free). • https://security.gentoo.org/glsa/201903-17 • CWE-415: Double Free •