CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-4743 – Gentoo Linux Security Advisory 202305-18
https://notcve.org/view.php?id=CVE-2022-4743
12 Jan 2023 — A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected. Multiple vulnerabilities have been found in libsdl2, the worst of which could result in arbitrary code execution. • https://access.redhat.com/security/cve/CVE-2022-4743 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33657 – Gentoo Linux Security Advisory 202305-18
https://notcve.org/view.php?id=CVE-2021-33657
01 Apr 2022 — There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. Se presenta un problema de desbordamiento de pila en el archivo video/SDL_pixels.c en SDL (Simple DirectMedia Layer) versiones 2.x a 2.0.18. Al diseñar un archivo .BMP malicioso, un atacante puede causar el bloqueo de la aplicación que usa esta biblioteca, una... • https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2019-14906 – SDL: not fixed in Red Hat Enterprise Linux 7 erratum RHSA-2019:3950
https://notcve.org/view.php?id=CVE-2019-14906
02 Dec 2019 — A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the applica... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14906 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 4%CPEs: 23EXPL: 1CVE-2019-13616 – SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c
https://notcve.org/view.php?id=CVE-2019-13616
16 Jul 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. hasta 2.0.9, presenta una lectura excesiva del búfer en la región heap de la memoria en BlitNtoN en el archivo video/SDL_blit_N.c cuando es llamado desde SDL_SoftBlit en el archivo video/SDL_blit.c. A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing s... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 7%CPEs: 13EXPL: 1CVE-2019-7637 – SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c
https://notcve.org/view.php?id=CVE-2019-7637
08 Feb 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene un desbordamiento de búfer basado en memoria dinámica (heap) en SDL_FillRect en video/SDL_surface.c. Simple DirectMedia Layer is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. Issues addressed include buffe... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 3%CPEs: 15EXPL: 1CVE-2019-7635 – SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c
https://notcve.org/view.php?id=CVE-2019-7635
08 Feb 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de búfer basada en memoria dinámica (heap) en Blit1to4 en video/SDL_blit_1.c. USN-4156-1 fixed several vulnerabilities in SDL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that SDL incorrectly handle... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.4EPSS: 3%CPEs: 12EXPL: 1CVE-2019-7636 – SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c
https://notcve.org/view.php?id=CVE-2019-7636
08 Feb 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de búfer basada en memoria dinámica (heap) en SDL_GetRGB en video/SDL_pixels.c. Simple DirectMedia Layer is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. Issues addressed include buffer over... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 3%CPEs: 10EXPL: 1CVE-2019-7638 – SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c
https://notcve.org/view.php?id=CVE-2019-7638
08 Feb 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de búfer basada en memoria dinámica (heap) en Map1toN en video/SDL_pixels.c. It was discovered that SDL 2.0 mishandled crafted image files resulting in an integer overflow. If a user were tricked into opening a malicious file, SDL 2.0 could be caused to crash or... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 3%CPEs: 11EXPL: 1CVE-2019-7572 – SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c
https://notcve.org/view.php?id=CVE-2019-7572
07 Feb 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de búfer en IMA_ADPCM_nibble en audio/SDL_wave.c. Simple DirectMedia Layer is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. Issues addressed include buffer over-read and buffer overflow vulnerabili... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 3%CPEs: 11EXPL: 1CVE-2019-7573 – SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
https://notcve.org/view.php?id=CVE-2019-7573
07 Feb 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de búfer basada en memoria dinámica (heap) en InitMS_ADPCM en audio/SDL_wave.c (dentro del bucle wNumCoef). Simple DirectMedia Layer is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •