Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Simple_directmedia_layer
(Libsdl)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 26 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-05-20 | CVE-2019-12220 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c. | Sdl2_image, Simple_directmedia_layer | 6.5 | ||
| 2019-05-20 | CVE-2019-12221 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. | Ubuntu_linux, Debian_linux, Fedora, Sdl2_image, Simple_directmedia_layer, Backports_sle, Leap | 6.5 | ||
| 2019-05-20 | CVE-2019-12222 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c. | Simple_directmedia_layer | 6.5 | ||
| 2019-07-16 | CVE-2019-13616 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. | Ubuntu_linux, Debian_linux, Fedora, Simple_directmedia_layer, Backports_sle, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 8.1 | ||
| 2020-01-07 | CVE-2019-14906 | A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to... | Simple_directmedia_layer, Enterprise_linux | 9.8 | ||
| 2017-10-11 | CVE-2017-2888 | An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. | Ubuntu_linux, Debian_linux, Simple_directmedia_layer | 8.8 |