CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в libsdl1.2, libsdl2

In SDL Simple DirectMedia Layer, from versions 1.2.15 onward, as well as in versions 2.x through 2.0.9, there is a heap-based buffer over-read issue in the Map1toN function within the video/SDLpixels.c file...

8.8CVSS6.9AI score0.02959EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в libsdl1.2, libsdl2

In SDL Simple DirectMedia Layer, from versions 1.2.15 onward, as well as in versions 2.x through 2.0.9, there is a heap-based buffer over-read issue in the InitMSADPCM function within audio/SDLwave.c located outside the wNumCoef loop...

8.8CVSS6.9AI score0.02946EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в sdl-image1.2

There is an exploitable code execution vulnerability in the XPM image rendering functionality of SDL2image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating a buffer that is too small. This buffer can then be written beyond its boundaries, leading to a heap overflow a...

8.8CVSS7.8AI score0.03616EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в libsdl2

A potential memory leak issue was discovered in the SDL2 library, specifically in the GLESCreateTexture function within the SDLrendergles.c file. This vulnerability allows an attacker to carry out a denial-of-service attack. The vulnerability affects SDL2 version 2.0.4 and later versions. SDL-1.x...

7.5CVSS7.1AI score0.01265EPSS

Fedora•added 2026/05/19 1:43 a.m.•18 views

[SECURITY] Fedora 42 Update: SDL2_image-2.8.12-1.fc42

Simple DirectMedia Layer SDL is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This package contains a simple library for loading images of various formats BMP, PPM, PCX, GIF, JPEG, PNG as SDL surfaces...

7.1CVSS5.9AI score0.00262EPSS

Exploits0

Fedora•added 2026/05/19 1:33 a.m.•12 views

[SECURITY] Fedora 43 Update: SDL2_image-2.8.12-1.fc43

7.1CVSS5.9AI score0.00262EPSS

Exploits0

Tenable Nessus•added 2026/05/11 12:0 a.m.•6 views

Unity Linux 20.1060e / 20.1070e Security Update: SDL (UTSA-2026-017566)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017566 advisory. SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMAADPCMdecode in audio/SDLwave.c. Tenable has extracted the...

8.8CVSS6.9AI score0.02806EPSS

Tenable Nessus•added 2026/05/11 12:0 a.m.•7 views

Unity Linux 20.1060e / 20.1070e Security Update: SDL (UTSA-2026-017580)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017580 advisory. SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MSADPCMdecode in audio/SDLwave.c. Tenable has extracted the...

8.8CVSS7AI score0.02955EPSS

Tenable Nessus•added 2026/05/11 12:0 a.m.•10 views

Unity Linux 20.1060e / 20.1070e Security Update: SDL (UTSA-2026-017561)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017561 advisory. SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMAADPCMnibble in audio/SDLwave.c. Tenable has extracted the preceding...

8.8CVSS6AI score0.02806EPSS

NVD•added 2026/05/08 4:16 p.m.•20 views

CVE-2026-42793

Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled GraphQL SDL. Multiple Blueprint.Draft.convert/2 implementations in Absinthe's SDL language modules ca...

8.2CVSS0.00613EPSS

Cvelist•added 2026/05/08 3:42 p.m.•41 views

CVE-2026-42793 Atom table exhaustion via attacker-controlled GraphQL SDL names in absinthe

8.2CVSS0.00613EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux – Vulnerability in libsdl2, libsdl1.2

There is a heap overflow issue in the video/SDLpixels.c file in SDL Simple DirectMedia Layer versions 2.x to 2.0.18. By creating a malicious .BMP file, an attacker can cause the application using this library to crash, result in a denial of service, or lead to code execution...

8.8CVSS7AI score0.01986EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux – Vulnerability in libsdl2

SDL Simple DirectMediaLayer from version 2.0.12 has an integer overflow issue, which leads to heap corruption when using SDLBlitCopy in the video/SDLblitcopy.c file, due to a specially crafted .BMP file...

7.8CVSS7.6AI score0.01311EPSS

SUSE CVE•added 2026/04/20 11:27 p.m.•4 views

SUSE CVE-2026-28212

Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an opslice network packet, the server passes an unprepared structure containing a null pointer to the SDLinfo function, resulting in a null pointer dereference an...

7.5CVSS5.7AI score0.00503EPSS

SUSE CVE•added 2026/04/20 11:26 p.m.•4 views

SUSE CVE-2026-35215

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdldesc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing...

7.5CVSS5.7AI score0.00466EPSS

RedhatCVE•added 2026/04/20 1:8 p.m.•2 views

CVE-2026-35215

A flaw was found in Firebird. In the sdldesc function, a division by zero vulnerability exists due to improper validation of the length of a decoded SDL descriptor from a slice packet. An unauthenticated attacker can exploit this by sending a specially crafted slice packet, leading to a server...

7.5CVSS5.8AI score0.00466EPSS

NVD•added 2026/04/17 8:16 p.m.•1 views

CVE-2026-35215

7.5CVSS0.00466EPSS