CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-4743 – Gentoo Linux Security Advisory 202305-18
https://notcve.org/view.php?id=CVE-2022-4743
12 Jan 2023 — A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected. Multiple vulnerabilities have been found in libsdl2, the worst of which could result in arbitrary code execution. • https://access.redhat.com/security/cve/CVE-2022-4743 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34568 – Gentoo Linux Security Advisory 202305-17
https://notcve.org/view.php?id=CVE-2022-34568
28 Jul 2022 — SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c. Se ha detectado que SDL versión v1.2, contenía un uso de memoria previamente libarada por medio de la función XFree en el archivo /src/video/x11/SDL_x11yuv.c Multiple vulnerabilities have been found in libsdl, the worst of which could result in arbitrary code execution. Versions less than 1.2.15_p20221201>= are affected. • https://github.com/libsdl-org/SDL-1.2/issues/863 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-27470 – Gentoo Linux Security Advisory 202407-02
https://notcve.org/view.php?id=CVE-2022-27470
04 May 2022 — SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file. Se ha detectado que SDL_ttf versiones v2.0.18 y anteriores, contienen una escritura arbitraria en memoria por medio de la función TTF_RenderText_Solid(). Esta vulnerabilidad es desencadenada por medio de un archivo TTF diseñado A vulnerability has been discovered in SDL_ttf, which can lead to arbitrary memory writes. Versions greater t... • https://github.com/libsdl-org/SDL_ttf/commit/db1b41ab8bde6723c24b866e466cad78c2fa0448 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33657 – Gentoo Linux Security Advisory 202305-18
https://notcve.org/view.php?id=CVE-2021-33657
01 Apr 2022 — There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. Se presenta un problema de desbordamiento de pila en el archivo video/SDL_pixels.c en SDL (Simple DirectMedia Layer) versiones 2.x a 2.0.18. Al diseñar un archivo .BMP malicioso, un atacante puede causar el bloqueo de la aplicación que usa esta biblioteca, una... • https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14409 – Gentoo Linux Security Advisory 202107-55
https://notcve.org/view.php?id=CVE-2020-14409
19 Jan 2021 — SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. SDL (Simple DirectMedia Layer) versiones hasta 2.0.12, presenta un Desbordamiento de Enteros (y una corrupción de la pila de SDL_memcpy resultante) en SDL_BlitCopy en el archivo video/SDL_blit_copy.c por medio de un archivo .BMP diseñado Multiple vulnerabilities have been found in libsdl2, the worst of which could result in a Denia... • https://bugzilla.libsdl.org/show_bug.cgi?id=5200 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14410 – Gentoo Linux Security Advisory 202107-55
https://notcve.org/view.php?id=CVE-2020-14410
19 Jan 2021 — SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. SDL (Simple DirectMedia Layer) versiones hasta 2.0.12, presenta una sobreescritura del búfer en la región heap de la memoria en la función Blit_3or4_to_3or4__inversed_rgb en el archivo video/SDL_blit_N.c por medio de un archivo .BMP diseñado Multiple vulnerabilities have been found in libsdl2, the worst of which could result in a Denial of Service ... • https://bugzilla.libsdl.org/show_bug.cgi?id=5200 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2019-14906 – SDL: not fixed in Red Hat Enterprise Linux 7 erratum RHSA-2019:3950
https://notcve.org/view.php?id=CVE-2019-14906
02 Dec 2019 — A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the applica... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14906 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 3%CPEs: 5EXPL: 1CVE-2019-5060
https://notcve.org/view.php?id=CVE-2019-5060
31 Jul 2019 — An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código explotable en la función de render... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 0CVE-2019-5059
https://notcve.org/view.php?id=CVE-2019-5059
31 Jul 2019 — An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código explotable en la funcionalidad de renderización de imáge... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 0CVE-2019-5058
https://notcve.org/view.php?id=CVE-2019-5058
31 Jul 2019 — An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código explotable en la funcionalidad de renderización de imágenes XCF de SDL2_image versión 2.0.4. Una imagen XCF especialmente diseñada puede causar un desbordamiento de la pila, resu... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •